Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Jconnect 3.0 and security

2 posts in JConnect version 3.0 Last posting was on 1999-03-31 12:12:24.0Z
Johan Axelsson Posted on 1999-03-31 06:39:29.0Z
Message-ID: <3701C321.137C906B@enator.se>
Date: Wed, 31 Mar 1999 08:39:29 +0200
From: Johan Axelsson <johan.axelsson@enator.se>
Organization: Enator Adedata AB
X-Mailer: Mozilla 4.06 [sv] (WinNT; I)
MIME-Version: 1.0
Subject: Jconnect 3.0 and security
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Newsgroups: sybase.public.jconnect30
Lines: 8
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.jconnect30:276
Article PK: 255701

If I use Jconnect 3.0 and Open server gateway. Is not the system
wideopend for a hacker how can create a java-applet and connect the
database without downloading the "real" applet. Because Open server
gateway has opened a port for connection.

I´m wrong or do you know how to get more security?

/Johan


Lance Andersen Posted on 1999-03-31 12:12:24.0Z
Message-ID: <37021128.C0482BFA@sybase.com>
Date: Wed, 31 Mar 1999 07:12:24 -0500
From: Lance Andersen <lancea@sybase.com>
X-Mailer: Mozilla 4.51 [en] (X11; I; SunOS 5.7 sun4m)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: Jconnect 3.0 and security
References: <3701C321.137C906B@enator.se>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Newsgroups: sybase.public.jconnect30
Lines: 32
Path: forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.jconnect30:275
Article PK: 254591


Johan Axelsson wrote:
>
> If I use Jconnect 3.0 and Open server gateway. Is not the system
> wideopend for a hacker how can create a java-applet and connect the
> database without downloading the "real" applet. Because Open server
> gateway has opened a port for connection.
>
> I´m wrong or do you know how to get more security?
>
> /Johan

You lost me on this one.

The OSG (Open Server Gateway) simply accepts the TDS protocol and
converts it to I believe ODBC for communicating to SQL Anywhere. All of
the login info comes from the application/applet. This basically a
simple hop and would be no different than connecting via dbisql (so to
speak).

From a performance perspective, migrate to ASA from SQL Anywhere and you
can say good bye to the OSG and do a point to point connection

lance
team sybase
--
===============================================================================
Lance J. Andersen Email: lancea@sybase.com
Sybase Product Support Engineering Phone:(781) 564-6336
77 South Bedford Street Fax: (781) 564-6148
Burlington, MA 01803

The Dark Knight Returns!!! Let's Go Penguins!!!
===============================================================================