Security is one of those critical functions that as developers and programmers, we just hope will seamlessly work in the background. Unfortunately, this isn’t always the case. I was talking to an architect the other day who had an application server up and running and wanted to connect to a SQL Server database configured for Kerberos using Active Directory as the KDC. He wanted to "delegate" his active directory credentials from the browser through his application, to the driver – enabling true single sign-on for all users of the system. The application had successfully retrieved the credentials from the browser, but he couldn’t pass the credentials through to the SQL Server driver he was using because it didn’t accept delegated credentials.
To get around this problem, the architect had to open up the Kerberos credentials, exposing the username and password, and rewrite a new, insecure ID and password to pass to the driver – defeating the purpose of the security architecture altogether. This is essentially the same faux pas as handing Chris Berman press credentials to the Super Bowl and subsequently having to reevaluate his credentials before he gets to access the locker room and again before doing a sideline interview!
Rather than blocking your access at every checkpoint, using a driver should to make your life easier – the security vulnerability this architect faced doesn’t have to happen to everyone. Rather than kludging together an insecure workaround, you can use JDBC drivers like DataDirect’s to support delegated credentials within an app server. Kerberos credentials can pass through the driver and behave like they’re intended to – a Super Bowl press pass without the hassle at every check point!
As Senior Director of Research & Development, Jesse is responsible for the daily operations, product development initiatives and forward looking research for Progress DataDirect. Jesse has spent nearly 20 years creating enterprise data products and has served as an expert on several industry standards including JDBC, J2EE, DRDA and OData. Jesse holds a bachelor of science degree in Computer Engineering from North Carolina State university.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.Learn More
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.