Deliver superior customer experiences with an AI-driven platform for creating and deploying cognitive chatbots
Deliver Awesome UI with the most complete toolboxes for .NET, Web and Mobile development
Automate UI, load and performance testing for web, desktop and mobile
A complete cloud platform for an app or your entire digital business
Detect and predict anomalies by automating machine learning to achieve higher asset uptime and maximized yield
Automate decision processes with a no-code business rules engine
Optimize data integration with high-performance connectivity
Connect to any cloud or on-premises data source using a standard interface
Build engaging multi-channel web and digital experiences with intuitive web content management
Personalize and optimize the customer experience across digital touchpoints
Build, protect and deploy apps across any platform and mobile device
Security is one of those critical functions that as developers and programmers, we just hope will seamlessly work in the background. Unfortunately, this isn’t always the case. I was talking to an architect the other day who had an application server up and running and wanted to connect to a SQL Server database configured for Kerberos using Active Directory as the KDC. He wanted to "delegate" his active directory credentials from the browser through his application, to the driver – enabling true single sign-on for all users of the system. The application had successfully retrieved the credentials from the browser, but he couldn’t pass the credentials through to the SQL Server driver he was using because it didn’t accept delegated credentials.
To get around this problem, the architect had to open up the Kerberos credentials, exposing the username and password, and rewrite a new, insecure ID and password to pass to the driver – defeating the purpose of the security architecture altogether. This is essentially the same faux pas as handing Chris Berman press credentials to the Super Bowl and subsequently having to reevaluate his credentials before he gets to access the locker room and again before doing a sideline interview!
Rather than blocking your access at every checkpoint, using a driver should to make your life easier – the security vulnerability this architect faced doesn’t have to happen to everyone. Rather than kludging together an insecure workaround, you can use JDBC drivers like DataDirect’s to support delegated credentials within an app server. Kerberos credentials can pass through the driver and behave like they’re intended to – a Super Bowl press pass without the hassle at every check point!
As Senior Director of Research & Development, Jesse is responsible for the daily operations, product development initiatives and forward looking research for Progress DataDirect. Jesse has spent nearly 20 years creating enterprise data products and has served as an expert on several industry standards including JDBC, J2EE, DRDA and OData. Jesse holds a bachelor of science degree in Computer Engineering from North Carolina State university.
Copyright © 2018 Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.
Progress, Telerik, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.