[jcifs] Re: Jcifs over the internet and proxies

Oliver Schoett os at sdm.de
Tue Oct 4 18:52:52 GMT 2005

Pattison, David wrote:

> I'm wondering how or if there is a solution for the following 
> situation: We have a customer at an internal company site, who is 
> accessing our web-app over the internet, with the app being help at 
> another company site. The problem is that both company sites are 
> behind proxies/firewalls (I believe it is an MS proxy of some kind), 
> and the web app itself is on a personal network.

The NTLM authentication protocol requires that a TCP connection is held 
during the exchange, so that challenge and response can be matched.  
With a proxy, this no longer works, because both sides have separate 
connections with the proxy, not with each other (this is required by the 
HTTP RFC 2616, sec. 8.1.3).

A secure soution to your problem would be to establish a VPN connection 
betwen the sites, or from the client into the network where the 
application resides. Over the VPN, you can then establish normal, 
unproxied TCP connections.


Oliver Schoett

More information about the jcifs mailing list