Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

jdbc connection cache vs client library connection cache

11 posts in General Discussion (old) Last posting was on 2000-03-20 15:52:03.0Z
Tim Nesham Posted on 2000-02-17 17:19:55.0Z
Newsgroups: sybase.public.easerver
From: "Tim Nesham" <tim.nesham@born.com>
Subject: jdbc connection cache vs client library connection cache
Date: Thu, 17 Feb 2000 11:19:55 -0600
Lines: 10
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Original-NNTP-Posting-Host: 161.49.6.89
Organization: Quad/Graphics,Inc.
NNTP-Posting-Host: dns2.qgraph.com 206.158.124.2
Message-ID: <347_38ac2dbf@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com!news.qgraph.com!161.49.6.89
Xref: forums-1-dub sybase.public.easerver:28488
Article PK: 160643

I see options for Client Library to encrypt data by passing the information
to the DBMS. But I don't see similar options for JDBC. Are the Sybase 11.0
encryption options only available through the Client Library driver?


TIA,

Tim


Dave Wolf [Sybase] Posted on 2000-02-17 17:23:26.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Thu, 17 Feb 2000 12:23:26 -0500
Lines: 24
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: dwolf-nt.sybase.com 157.133.41.127
Message-ID: <347_UvBPzwWe$GA.329@forums.sybase.com>
References: <347_38ac2dbf@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28487
Article PK: 160642

The encryption you see of OpenClient is only to encrypt the password. The
rest of the stream is i the clear.

jConnect can go inside of SSL but you need to tunell, and detunnel etc etc.

Dave Wolf
Internet Applications Division

Tim Nesham <tim.nesham@born.com> wrote in message
news:38ac2dbf@news.qgraph.com...
> I see options for Client Library to encrypt data by passing the
information
> to the DBMS. But I don't see similar options for JDBC. Are the Sybase
11.0
> encryption options only available through the Client Library driver?
>
>
> TIA,
>
> Tim
>
>


Tim Nesham Posted on 2000-02-18 15:57:30.0Z
Newsgroups: sybase.public.easerver
From: "Tim Nesham" <tim.nesham@born.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Fri, 18 Feb 2000 09:57:30 -0600
Lines: 33
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Original-NNTP-Posting-Host: 161.49.6.89
Organization: Quad/Graphics,Inc.
NNTP-Posting-Host: dns2.qgraph.com 206.158.124.2
Message-ID: <347_38ad6bee@news.qgraph.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com!news.qgraph.com!161.49.6.89
Xref: forums-1-dub sybase.public.easerver:28377
Article PK: 160402

What about Sec_Confidential DBParm parameter?

"Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
news:UvBPzwWe$GA.329@forums.sybase.com...
> The encryption you see of OpenClient is only to encrypt the password. The
> rest of the stream is i the clear.
>
> jConnect can go inside of SSL but you need to tunell, and detunnel etc
etc.
>
> Dave Wolf
> Internet Applications Division
>
> Tim Nesham <tim.nesham@born.com> wrote in message
> news:38ac2dbf@news.qgraph.com...
> > I see options for Client Library to encrypt data by passing the
> information
> > to the DBMS. But I don't see similar options for JDBC. Are the Sybase
> 11.0
> > encryption options only available through the Client Library driver?
> >
> >
> > TIA,
> >
> > Tim
> >
> >
>
>


Dave Wolf [Sybase] Posted on 2000-02-18 16:04:26.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Fri, 18 Feb 2000 11:04:26 -0500
Lines: 45
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.50
Message-ID: <347_lYFoVpie$GA.149@forums.sybase.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28375
Article PK: 160401

I dont know about what PB is doing, but OpenClient only encrypts the
password, the rest is in the clear.

Dave Wolf
Internet Applications Division

Tim Nesham <tim.nesham@born.com> wrote in message
news:38ad6bee@news.qgraph.com...
> What about Sec_Confidential DBParm parameter?
>
>
>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:UvBPzwWe$GA.329@forums.sybase.com...
> > The encryption you see of OpenClient is only to encrypt the password.
The
> > rest of the stream is i the clear.
> >
> > jConnect can go inside of SSL but you need to tunell, and detunnel etc
> etc.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Tim Nesham <tim.nesham@born.com> wrote in message
> > news:38ac2dbf@news.qgraph.com...
> > > I see options for Client Library to encrypt data by passing the
> > information
> > > to the DBMS. But I don't see similar options for JDBC. Are the
Sybase
> > 11.0
> > > encryption options only available through the Client Library driver?
> > >
> > >
> > > TIA,
> > >
> > > Tim
> > >
> > >
> >
> >
>
>


Tim Nesham Posted on 2000-02-18 16:47:03.0Z
Newsgroups: sybase.public.easerver
From: "Tim Nesham" <tim.nesham@born.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Fri, 18 Feb 2000 10:47:03 -0600
Lines: 52
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Original-NNTP-Posting-Host: 161.49.6.89
Organization: Quad/Graphics,Inc.
NNTP-Posting-Host: dns2.qgraph.com 206.158.124.2
Message-ID: <347_38ad778b@news.qgraph.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com!news.qgraph.com!161.49.6.89
Xref: forums-1-dub sybase.public.easerver:28373
Article PK: 160400

But it says it works with SYJ, isn't that Jaguar connectivity for Open
Client?

"Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
news:lYFoVpie$GA.149@forums.sybase.com...
> I dont know about what PB is doing, but OpenClient only encrypts the
> password, the rest is in the clear.
>
> Dave Wolf
> Internet Applications Division
>
> Tim Nesham <tim.nesham@born.com> wrote in message
> news:38ad6bee@news.qgraph.com...
> > What about Sec_Confidential DBParm parameter?
> >
> >
> >
> > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > The encryption you see of OpenClient is only to encrypt the password.
> The
> > > rest of the stream is i the clear.
> > >
> > > jConnect can go inside of SSL but you need to tunell, and detunnel etc
> > etc.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > news:38ac2dbf@news.qgraph.com...
> > > > I see options for Client Library to encrypt data by passing the
> > > information
> > > > to the DBMS. But I don't see similar options for JDBC. Are the
> Sybase
> > > 11.0
> > > > encryption options only available through the Client Library driver?
> > > >
> > > >
> > > > TIA,
> > > >
> > > > Tim
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Jim O'Neil [Sybase] Posted on 2000-02-22 18:23:50.0Z
Newsgroups: sybase.public.easerver
Date: Tue, 22 Feb 2000 13:23:50 -0500
From: "Jim O'Neil [Sybase]" <joneil@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: jdbc connection cache vs client library connection cache
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 53
NNTP-Posting-Host: joneil-nt.sybase.com 204.167.42.111
Message-ID: <347_38B2D436.39196A8@sybase.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28159
Article PK: 154632


Tim Nesham wrote:

> But it says it works with SYJ, isn't that Jaguar connectivity for Open
> Client?
>

Yes, it is. The parameter you're referring to merely sets a flag in OC -
CS_SEC_CONFIDENTIALITY - I guess the question I would have is whether this
setting will be passed along to actually affect the physical connection that
Jaguar is making or not. Given documentation, I would definitely think this
should work - are you finding that's not the case? This isn't exactly an area
I'm that knowledgable in, but the PB doc refers to other requirements to support
Open Client security services - have those requirements also been met?

--
Jim O'Neil
Senior Technical Support Engineer
Sybase, Inc



>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:lYFoVpie$GA.149@forums.sybase.com...
> > I dont know about what PB is doing, but OpenClient only encrypts the
> > password, the rest is in the clear.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Tim Nesham <tim.nesham@born.com> wrote in message
> > news:38ad6bee@news.qgraph.com...
> > > What about Sec_Confidential DBParm parameter?
> > >
> > >
> > >
> > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > > The encryption you see of OpenClient is only to encrypt the password.
> > The
> > > > rest of the stream is i the clear.
> > > >
> > > > jConnect can go inside of SSL but you need to tunell, and detunnel etc
> > > etc.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > news:38ac2dbf@news.qgraph.com...
> > > > > I see options for Client Library to encrypt data by passing the
> > > > information
> > > > > to the DBMS. But I don't see similar options for JDBC. Are the
> > Sybase
> > > > 11.0
> > > > > encryption options only available through the Client Library driver?
> > > > >
> > > > >
> > > > > TIA,
> > > > >
> > > > > Tim
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >


Tim Nesham Posted on 2000-02-22 21:32:35.0Z
Newsgroups: sybase.public.easerver
From: "Tim Nesham" <tim.nesham@born.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Tue, 22 Feb 2000 15:32:35 -0600
Lines: 105
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Original-NNTP-Posting-Host: 161.49.6.89
Organization: Quad/Graphics,Inc.
NNTP-Posting-Host: dns2.qgraph.com 206.158.124.2
Message-ID: <347_38b30077@news.qgraph.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com> <347_38B2D436.39196A8@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com!news.qgraph.com!161.49.6.89
Xref: forums-1-dub sybase.public.easerver:28131
Article PK: 160017

There is a big flap at this client about Client Library supporting
encryption but JDBC not supporting it. The PB doc says the encryption parms
work with SYJ - hence Client Library through Jaguar - "but" JDBC does not
have these options. So, for those using SilverStream (bear with me here)
and connecting to Sybase through JDBC the encryption capabilities between
the WEB server and DBMS do not exist. I've been told that it is possible to
encrypt data using Client Library between the WEB server and DBMS, but so
far I am not sure how.

Specifically, the client is questioning the use of SilverStream because they
use it for the Intranet and W4 employee financial data is being passed
through the SilverStream server and anyone with a sniffer can pick up that
data stream. But is Client Library any better? If Silverstream can only
use JDBC and cannot encrypt the data between the WEB server and DBMS and EAS
can, that represents a significant competitive edge to Sybase.

Dave Wolf made mention of tunneling-detunneling with JDBC. Is that an option
for Silverstream connecting to a Sybase DBMS with JDBC to get an encrypted
data stream between the WEB server and DBMS? Is it possible at all?

Thanks.

"Jim O'Neil [Sybase]" <joneil@sybase.com> wrote in message
news:38B2D436.39196A8@sybase.com...
> Tim Nesham wrote:
>
> > But it says it works with SYJ, isn't that Jaguar connectivity for Open
> > Client?
> >
>
> Yes, it is. The parameter you're referring to merely sets a flag in OC -
> CS_SEC_CONFIDENTIALITY - I guess the question I would have is whether this
> setting will be passed along to actually affect the physical connection
that
> Jaguar is making or not. Given documentation, I would definitely think
this
> should work - are you finding that's not the case? This isn't exactly an
area
> I'm that knowledgable in, but the PB doc refers to other requirements to
support
> Open Client security services - have those requirements also been met?
>
> --
> Jim O'Neil
> Senior Technical Support Engineer
> Sybase, Inc
>
>
>
> >
> > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > news:lYFoVpie$GA.149@forums.sybase.com...
> > > I dont know about what PB is doing, but OpenClient only encrypts the
> > > password, the rest is in the clear.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > news:38ad6bee@news.qgraph.com...
> > > > What about Sec_Confidential DBParm parameter?
> > > >
> > > >
> > > >
> > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > > > The encryption you see of OpenClient is only to encrypt the
password.
> > > The
> > > > > rest of the stream is i the clear.
> > > > >
> > > > > jConnect can go inside of SSL but you need to tunell, and detunnel
etc
> > > > etc.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > > news:38ac2dbf@news.qgraph.com...
> > > > > > I see options for Client Library to encrypt data by passing the
> > > > > information
> > > > > > to the DBMS. But I don't see similar options for JDBC. Are the
> > > Sybase
> > > > > 11.0
> > > > > > encryption options only available through the Client Library
driver?
> > > > > >
> > > > > >
> > > > > > TIA,
> > > > > >
> > > > > > Tim
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
>
>
>


Jim O'Neil [Sybase] Posted on 2000-03-16 19:08:32.0Z
Newsgroups: sybase.public.easerver
Date: Thu, 16 Mar 2000 14:08:32 -0500
From: "Jim O'Neil [Sybase]" <joneil@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: jdbc connection cache vs client library connection cache
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 138
NNTP-Posting-Host: joneil-nt.sybase.com 204.167.42.111
Message-ID: <347_38D13130.4FBC00AE@sybase.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com> <347_38B2D436.39196A8@sybase.com> <347_38b30077@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:26263
Article PK: 156934


Tim Nesham wrote:

> There is a big flap at this client about Client Library supporting
> encryption but JDBC not supporting it. The PB doc says the encryption parms
> work with SYJ - hence Client Library through Jaguar - "but" JDBC does not
> have these options. So, for those using SilverStream (bear with me here)
> and connecting to Sybase through JDBC the encryption capabilities between
> the WEB server and DBMS do not exist. I've been told that it is possible to
> encrypt data using Client Library between the WEB server and DBMS, but so
> far I am not sure how.
>
> Specifically, the client is questioning the use of SilverStream because they
> use it for the Intranet and W4 employee financial data is being passed
> through the SilverStream server and anyone with a sniffer can pick up that
> data stream. But is Client Library any better? If Silverstream can only
> use JDBC and cannot encrypt the data between the WEB server and DBMS and EAS
> can, that represents a significant competitive edge to Sybase.
>
> Dave Wolf made mention of tunneling-detunneling with JDBC. Is that an option
> for Silverstream connecting to a Sybase DBMS with JDBC to get an encrypted
> data stream between the WEB server and DBMS? Is it possible at all?
>
> Thanks.
>
> "Jim O'Neil [Sybase]" <joneil@sybase.com> wrote in message
> news:38B2D436.39196A8@sybase.com...
> > Tim Nesham wrote:
> >
> > > But it says it works with SYJ, isn't that Jaguar connectivity for Open
> > > Client?
> > >
> >
> > Yes, it is. The parameter you're referring to merely sets a flag in OC -
> > CS_SEC_CONFIDENTIALITY - I guess the question I would have is whether this
> > setting will be passed along to actually affect the physical connection
> that
> > Jaguar is making or not. Given documentation, I would definitely think
> this
> > should work - are you finding that's not the case? This isn't exactly an
> area
> > I'm that knowledgable in, but the PB doc refers to other requirements to
> support
> > Open Client security services - have those requirements also been met?
> >
> > --
> > Jim O'Neil
> > Senior Technical Support Engineer
> > Sybase, Inc
> >
> >
> >
> > >
> > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > news:lYFoVpie$GA.149@forums.sybase.com...
> > > > I dont know about what PB is doing, but OpenClient only encrypts the
> > > > password, the rest is in the clear.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > news:38ad6bee@news.qgraph.com...
> > > > > What about Sec_Confidential DBParm parameter?
> > > > >
> > > > >
> > > > >
> > > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > > > > The encryption you see of OpenClient is only to encrypt the
> password.
> > > > The
> > > > > > rest of the stream is i the clear.
> > > > > >
> > > > > > jConnect can go inside of SSL but you need to tunell, and detunnel
> etc
> > > > > etc.
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > > > news:38ac2dbf@news.qgraph.com...
> > > > > > > I see options for Client Library to encrypt data by passing the
> > > > > > information
> > > > > > > to the DBMS. But I don't see similar options for JDBC. Are the
> > > > Sybase
> > > > > > 11.0
> > > > > > > encryption options only available through the Client Library
> driver?
> > > > > > >
> > > > > > >
> > > > > > > TIA,
> > > > > > >
> > > > > > > Tim
>

Tim,

I got final word on the support of the security parameters when using SYJ. This
is taken from the 7.0.1 release notes:

SYJ Adaptive Server Enterprise
------------------------------
The SYJ Adaptive Server Enterprise database interface for Jaguar components
supports only those DBParms relevant at runtime. It does not support any design
time parameters since SYJ provides connectivity to ASE 11.5 for a PB custom
class user object that has been deployed as a Jaguar component. The following
DBParms, which are included on the SYJ Profile Setup dialog box, are not
supported by SYJ:

- All the DBParms on the Regional Settings tab including CharSet, Language,
Locale, and UTF8 (for Unicode)

- All the Directory services DBParms on the Directory Services tab

- All the Security services DBParms on the Security tab

- All the DBParms on the Network tab including AppName, Host, MaxConnect,
PacketSize, and PWEncrypt

- The Release DBParm on the Connection tab

- The TableCriteria DBParm on the System tab

- The Asynchronous Operations DBParms, Async and DBGetTime, on the Transaction
tab


So, basically the DBParm you were trying to set will not work with Jaguar
connection caches. Jaguar is actually making the connection on behalf of
PowerBuilder and passing a connection handle back to the PB component. After
that point, it's all PB, but many of the parameters here have to be set BEFORE
the connection is made and Jaguar, as far as I know, doesn't really have a way
to set or accept settings for these different options prior to making the
connection. It seems to me this would require an enhancement to the ct-library
support for connection caches.

--
Jim O'Neil
Senior Technical Support Engineer
Sybase, Inc


Tim Nesham Posted on 2000-03-17 14:14:28.0Z
Newsgroups: sybase.public.easerver
From: "Tim Nesham" <tim.nesham@born.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Fri, 17 Mar 2000 08:14:28 -0600
Lines: 194
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Original-NNTP-Posting-Host: 161.49.6.89
Organization: Quad/Graphics,Inc.
NNTP-Posting-Host: dns2.qgraph.com 206.158.124.2
Message-ID: <347_38d23dc8@news.qgraph.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com> <347_38B2D436.39196A8@sybase.com> <347_38b30077@news.qgraph.com> <347_38D13130.4FBC00AE@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com!news.qgraph.com!161.49.6.89
Xref: forums-1-dub sybase.public.easerver:26215
Article PK: 156885

I was in Chicago yesterday and saw Bill Conroy who was looking into this
issue from another angle. That is, related to JDBC, and he said that he did
not see a need for encryption settings to take effect through the dbparms as
the firewall handles the security. There is a problem with this. This
client want to use EAServer for the intranet where employees can view
sensitive financial data, w4s, etc. If the data is not encrypted then
someone with a sniffer on the network can view this data as this data is
flowing behind any firewall. At least in this case. I'm not an
infrastructure architech but that is their concern. Not sure how valid the
concern is, though.

Any thoughts?

"Jim O'Neil [Sybase]" <joneil@sybase.com> wrote in message
news:38D13130.4FBC00AE@sybase.com...
> Tim Nesham wrote:
>
> > There is a big flap at this client about Client Library supporting
> > encryption but JDBC not supporting it. The PB doc says the encryption
parms
> > work with SYJ - hence Client Library through Jaguar - "but" JDBC does
not
> > have these options. So, for those using SilverStream (bear with me
here)
> > and connecting to Sybase through JDBC the encryption capabilities
between
> > the WEB server and DBMS do not exist. I've been told that it is
possible to
> > encrypt data using Client Library between the WEB server and DBMS, but
so
> > far I am not sure how.
> >
> > Specifically, the client is questioning the use of SilverStream because
they
> > use it for the Intranet and W4 employee financial data is being passed
> > through the SilverStream server and anyone with a sniffer can pick up
that
> > data stream. But is Client Library any better? If Silverstream can
only
> > use JDBC and cannot encrypt the data between the WEB server and DBMS and
EAS
> > can, that represents a significant competitive edge to Sybase.
> >
> > Dave Wolf made mention of tunneling-detunneling with JDBC. Is that an
option
> > for Silverstream connecting to a Sybase DBMS with JDBC to get an
encrypted
> > data stream between the WEB server and DBMS? Is it possible at all?
> >
> > Thanks.
> >
> > "Jim O'Neil [Sybase]" <joneil@sybase.com> wrote in message
> > news:38B2D436.39196A8@sybase.com...
> > > Tim Nesham wrote:
> > >
> > > > But it says it works with SYJ, isn't that Jaguar connectivity for
Open
> > > > Client?
> > > >
> > >
> > > Yes, it is. The parameter you're referring to merely sets a flag in
OC -
> > > CS_SEC_CONFIDENTIALITY - I guess the question I would have is whether
this
> > > setting will be passed along to actually affect the physical
connection
> > that
> > > Jaguar is making or not. Given documentation, I would definitely
think
> > this
> > > should work - are you finding that's not the case? This isn't exactly
an
> > area
> > > I'm that knowledgable in, but the PB doc refers to other requirements
to
> > support
> > > Open Client security services - have those requirements also been met?
> > >
> > > --
> > > Jim O'Neil
> > > Senior Technical Support Engineer
> > > Sybase, Inc
> > >
> > >
> > >
> > > >
> > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > news:lYFoVpie$GA.149@forums.sybase.com...
> > > > > I dont know about what PB is doing, but OpenClient only encrypts
the
> > > > > password, the rest is in the clear.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > > news:38ad6bee@news.qgraph.com...
> > > > > > What about Sec_Confidential DBParm parameter?
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > > > > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > > > > > The encryption you see of OpenClient is only to encrypt the
> > password.
> > > > > The
> > > > > > > rest of the stream is i the clear.
> > > > > > >
> > > > > > > jConnect can go inside of SSL but you need to tunell, and
detunnel
> > etc
> > > > > > etc.
> > > > > > >
> > > > > > > Dave Wolf
> > > > > > > Internet Applications Division
> > > > > > >
> > > > > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > > > > news:38ac2dbf@news.qgraph.com...
> > > > > > > > I see options for Client Library to encrypt data by passing
the
> > > > > > > information
> > > > > > > > to the DBMS. But I don't see similar options for JDBC. Are
the
> > > > > Sybase
> > > > > > > 11.0
> > > > > > > > encryption options only available through the Client Library
> > driver?
> > > > > > > >
> > > > > > > >
> > > > > > > > TIA,
> > > > > > > >
> > > > > > > > Tim
> >
>
> Tim,
>
> I got final word on the support of the security parameters when using SYJ.
This
> is taken from the 7.0.1 release notes:
>
> SYJ Adaptive Server Enterprise
> ------------------------------
> The SYJ Adaptive Server Enterprise database interface for Jaguar
components
> supports only those DBParms relevant at runtime. It does not support any
design
> time parameters since SYJ provides connectivity to ASE 11.5 for a PB
custom
> class user object that has been deployed as a Jaguar component. The
following
> DBParms, which are included on the SYJ Profile Setup dialog box, are not
> supported by SYJ:
>
> - All the DBParms on the Regional Settings tab including CharSet,
Language,
> Locale, and UTF8 (for Unicode)
>
> - All the Directory services DBParms on the Directory Services tab
>
> - All the Security services DBParms on the Security tab
>
> - All the DBParms on the Network tab including AppName, Host, MaxConnect,
> PacketSize, and PWEncrypt
>
> - The Release DBParm on the Connection tab
>
> - The TableCriteria DBParm on the System tab
>
> - The Asynchronous Operations DBParms, Async and DBGetTime, on the
Transaction
> tab
>
>
> So, basically the DBParm you were trying to set will not work with Jaguar
> connection caches. Jaguar is actually making the connection on behalf of
> PowerBuilder and passing a connection handle back to the PB component.
After
> that point, it's all PB, but many of the parameters here have to be set
BEFORE
> the connection is made and Jaguar, as far as I know, doesn't really have a
way
> to set or accept settings for these different options prior to making the
> connection. It seems to me this would require an enhancement to the
ct-library
> support for connection caches.
>
> --
> Jim O'Neil
> Senior Technical Support Engineer
> Sybase, Inc
>
>


Jim O'Neil [Sybase] Posted on 2000-03-20 15:52:03.0Z
Newsgroups: sybase.public.easerver
Date: Mon, 20 Mar 2000 10:52:03 -0500
From: "Jim O'Neil [Sybase]" <joneil@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: jdbc connection cache vs client library connection cache
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 36
NNTP-Posting-Host: joneil-nt.sybase.com 204.167.42.111
Message-ID: <347_38D64923.11BD6278@sybase.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com> <347_38B2D436.39196A8@sybase.com> <347_38b30077@news.qgraph.com> <347_38D13130.4FBC00AE@sybase.com> <347_38d23dc8@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:26089
Article PK: 156093


Tim Nesham wrote:

> I was in Chicago yesterday and saw Bill Conroy who was looking into this
> issue from another angle. That is, related to JDBC, and he said that he did
> not see a need for encryption settings to take effect through the dbparms as
> the firewall handles the security. There is a problem with this. This
> client want to use EAServer for the intranet where employees can view
> sensitive financial data, w4s, etc. If the data is not encrypted then
> someone with a sniffer on the network can view this data as this data is
> flowing behind any firewall. At least in this case. I'm not an
> infrastructure architech but that is their concern. Not sure how valid the
> concern is, though.
>
> Any thoughts?
>

Well, I'm far from being firewall expert, but essentially 'all' I'd expect a
firewall to do is something like packet filter - check what type of packet is
coming through (HTTP, IIOP, etc.) and where it's going and accept/deny it.
Encryption of data would not be handled by the firewall, so even in the scenario
that you are outside the firewall, I'm not so sure that there you don't have a
valid concern here. If you don't want people to eavesdrop, you'll need
encryption, so I think your best best is to set up your connections to tunnel
under SSL - even within the intranet.
--
Jim O'Neil
Senior Technical Support Engineer
Sybase, Inc


Dave Wolf [Sybase] Posted on 2000-02-22 01:56:10.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: jdbc connection cache vs client library connection cache
Date: Mon, 21 Feb 2000 20:56:10 -0500
Lines: 64
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.19
Message-ID: <347_#zMiBiNf$GA.273@forums.sybase.com>
References: <347_38ac2dbf@news.qgraph.com> <347_UvBPzwWe$GA.329@forums.sybase.com> <347_38ad6bee@news.qgraph.com> <347_lYFoVpie$GA.149@forums.sybase.com> <347_38ad778b@news.qgraph.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28255
Article PK: 160297

Ill defer to a PB person.

Dave Wolf
Internet Applications Division

Tim Nesham <tim.nesham@born.com> wrote in message
news:38ad778b@news.qgraph.com...
> But it says it works with SYJ, isn't that Jaguar connectivity for Open
> Client?
>
> "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> news:lYFoVpie$GA.149@forums.sybase.com...
> > I dont know about what PB is doing, but OpenClient only encrypts the
> > password, the rest is in the clear.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Tim Nesham <tim.nesham@born.com> wrote in message
> > news:38ad6bee@news.qgraph.com...
> > > What about Sec_Confidential DBParm parameter?
> > >
> > >
> > >
> > > "Dave Wolf [Sybase]" <dwolf@sybase.com> wrote in message
> > > news:UvBPzwWe$GA.329@forums.sybase.com...
> > > > The encryption you see of OpenClient is only to encrypt the
password.
> > The
> > > > rest of the stream is i the clear.
> > > >
> > > > jConnect can go inside of SSL but you need to tunell, and detunnel
etc
> > > etc.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Tim Nesham <tim.nesham@born.com> wrote in message
> > > > news:38ac2dbf@news.qgraph.com...
> > > > > I see options for Client Library to encrypt data by passing the
> > > > information
> > > > > to the DBMS. But I don't see similar options for JDBC. Are the
> > Sybase
> > > > 11.0
> > > > > encryption options only available through the Client Library
driver?
> > > > >
> > > > >
> > > > > TIA,
> > > > >
> > > > > Tim
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>