[jcifs] Null pointer exception in ServerMessageBlock.java
Edward Costello
edward.costello at orionhealth.com
Thu Jun 22 20:17:59 GMT 2006
I'm curious then. Without specifying the username and password in the
URL, is it possible to use JCIFS to authenticate just a particular
connection. For Example, we have a single service we connect to using
NTLM authentication. We'd like to ensure firstly that the credentials
are never sent to any other service that happens to require NTLM
authentication. We'd also like to be able to use a different set of
credentials for other services that use NTLM authentication.
As far as I could tell from the documentation the only way to set the
username and password without putting in in the URL is to use a
properties file, system properties or a static configuration object. All
of these would result in the credentials being sent to any service that
requests NTLM authentication and would prevent us ever using a second
set of credentials for a different service.
Cheers
Ed
----- Original Message -----
*From:* Michael B Allen <mba2000 at ioplex.com>
*To:* "Levi Purvis" <jcifs at purvis.ws>
*CC:* jcifs at lists.samba.org
*Sent:* 06/23/2006 7:04:24 AM +1200
*Subject:* [jcifs] Null pointer exception in ServerMessageBlock.java
>On Thu, 22 Jun 2006 08:35:35 -0400
>"Levi Purvis" <jcifs at purvis.ws> wrote:
>
>
>
>>>>>Never put your password in the URL.
>>>>>
>>>>>
>>>>Why not?
>>>>
>>>>
>>>Because it's a security hazard.
>>>
>>>
>>Could you elaborate, please?
>>
>>
>
>URLs have a tendency to be passed around, cached, stored in config files
>and are generally promiscuous. For example. it's not inconceivable that
>a URL could be printed in a stack trace thereby possibly exposing any
>password in it to a user in a browser or terminal window.
>
>For real applications, URLs should never contain passwords. It's only
>provided as a convenience to the developer for experimental purposes or
>for user's who do not require any guarantee of security.
>
>Mike
>
>
>
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list