[jcifs] Occasionally NTLM Filter fails...Please Help.
John Baker
jbaker at javasystemsolutions.com
Mon May 18 22:30:53 GMT 2009
On Monday 18 May 2009 22:17:19 you wrote:
> This just does not register with you does it. You are in serious
> denial. How many different ways can I tell you that JCIFS is not an
> HTTP library?
>
> So let me get this straight, you want me to let you add code to JCIFS
> (that I previously explained to you in great detail would absolutely
> not work) and add HTTP stuff that has nothing to do with CIFS. Then
> when it breaks (and it will because you really have no clue what
jcifs may not have been intended to do HTTP related stuff, however the world
revolves around application servers hence a decent number of jcifs users are
using it purely for this library. No-one's arguing the NTLM filter is not
massively secure - it's a nice simple mechanism to authorise clients and it's
currently largely broken because of the static configuration.
HTTP aside, The static configuration doesn't just break the filter, it makes
jcifs not very useful in any application where more than one configuration is
required because:
private static final String X =
isn't particularly good. Let me expand upon this point:
jcifs_1.3.8_/src/jcifs$ grep -r "private static final String" *|wc -l
21
> you're doing) you want me to fix and maintain it? Oh, and for free.
I've only just mentioned that people including myself have offered to help fix
the static configuration stuff,
So, jcifs may not be an HTTP library, but if we fix the static configuration
stuff, we can have a set of code that will provide an NTLM filter (using the
latest and greatest jcifs), and if someone finds some free time, they can
build an NTLMv2 filter too.
On a side note, I suspect selling jcifs support may be easier if the responses
were kept at a professional level.
John
More information about the jcifs
mailing list