I agree with Sarnath about complexity. If I’m a user logging into database X there’s no way you could persuade me that I need to have a set of credentials for the network hop and another for the database.
If the database uses basic authentication user name ‘scott’ password ‘tiger’, and the person who configured the Avatica server said use basic authentication, then Avatica should use the same credentials. Yes, it’s not very secure, but hey, that’s basic authentication. Julian > On Mar 29, 2016, at 6:49 AM, Josh Elser <[email protected]> wrote: > > Just to make sure it's clear, the credentials would have to be duplicated > elsewhere presently (e.g. in a properties file that Jetty can read). Maybe > there's a JDBC API that the Avatica server could hook directly into to avoid > such credential duplication? > > Sarnath wrote: >> The extra pair adds additional complexity... I think it is better to go >> with underlying database creds.. Or better provide a hook to interested >> users who want separate creds... >>
