
Security and logon

4 posts in General Discussion (old) Last posting was on 2000-03-28 13:51:19.0Z
Andreas S. Brunvoll Posted on 2000-03-28 07:04:43.0Z

Is it possible to get hold of the NT username (and password?) from an applet client application? I would like to use single sign-on in my application, so that the username in my application is the same as the user's NT-username. My production environment is NT 4, IIS and EAServer.

I have been doing this with a servlet-application (JRun) running under IIS before, but is this still possible when client communication is over IIOP? Any recommendation of books or other resources regarding the subject will be appreciated.

Andreas


Dave Wolf [Sybase] Posted on 2000-03-28 11:26:08.0Z

This would not be allowed in an Applet unless you sign it and request special permissions to make native method calls.  JavaSoft prevented such functionality in Applets because of the serious security risk.  Imagine if the downloaded applet grabbed your username and password and sent it back to the server, or worse yet, another server.
 
Now EAS itself can use the NT security registry for its users and passwords.

Dave Wolf
Internet Applications Division


Andreas S. Brunvoll Posted on 2000-03-28 12:21:12.0Z

I see your point.

But could I password-enable the directory where my applet is located, so that the user has to authenticate to the webserver, and then let EAServer get hold of the authenticated username? As long as I know that the user has been authenticated by the webserver, I am just interested in the username to set up personalized settings, which entities the user shall be able to access and so on. I have been writing a servlet application where the user was authenticated by the webserver, and by calling request.getRemoteUser() I was able to get his username. This is more or less what I would like to do.

At the moment I am using OS authentication, but this forces all my users to log on to my system with their NT-domain username/password, which actually gives me the possibility to get hold of them. I don't think the domain admins are satisfied with the solution.

Andreas


Dave Wolf [Sybase] Posted on 2000-03-28 13:51:19.0Z

Then simply pass the username/password in PARAM tags to the Applet from the HTML.

Dave Wolf
Internet Applications Division
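
An added example, not part of the original thread and not Sybase's code, of handing the web-server-authenticated username (the value `request.getRemoteUser()` returns) to an applet through PARAM tags. PARAM values sit in the page source, where the client can read and change them, so this example carries only the username plus an HMAC token that the server component checks before trusting the name; the class name, the parameter names `user` and `userToken`, the demo key and the five-minute lifetime are assumptions, and it needs Java 8 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class AppletUserParam {
    // Constructed demo key (assumption): in practice a random secret shared by web tier and component tier.
    static final byte[] KEY = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
    static final long MAX_AGE_MS = 5 * 60 * 1000; // assumed token lifetime
    // Token = issue time + HMAC-SHA256 over "user\nissuedAt".
    static String sign(String user, long issuedAt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal((user + "\n" + issuedAt).getBytes(StandardCharsets.UTF_8));
        return issuedAt + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }
    // Escape the name before it goes into an HTML attribute value.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
    // Web tier: remoteUser is what request.getRemoteUser() returned for the authenticated request.
    static String appletParams(String remoteUser, long now) throws Exception {
        return "<param name=\"user\" value=\"" + escapeAttr(remoteUser) + "\">\n"
             + "<param name=\"userToken\" value=\"" + sign(remoteUser, now) + "\">";
    }
    // Server component: accept the claimed name only if the token matches it and is still fresh.
    static boolean verify(String user, String token, long now) throws Exception {
        int dot = token.indexOf('.');
        if (dot < 1) return false;
        long issuedAt;
        try { issuedAt = Long.parseLong(token.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (now < issuedAt || now - issuedAt > MAX_AGE_MS) return false;
        return MessageDigest.isEqual(                       // constant-time comparison
            sign(user, issuedAt).getBytes(StandardCharsets.UTF_8),
            token.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String user = "DOMAIN\\abr"; // constructed sample value
        System.out.println(appletParams(user, now));
        String token = sign(user, now);
        System.out.println("genuine:  " + verify(user, token, now));
        System.out.println("tampered: " + verify("DOMAIN\\admin", token, now));
        System.out.println("expired:  " + verify(user, token, now + MAX_AGE_MS + 1));
    }
}
```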