.. but what mechanism could Avatica use to do this generically? Is there
a means to verify some credentials without trying to instantiate a
java.sql.Connection with the given user/password?
Julian Hyde wrote:
I agree with Sarnath about complexity. If I’m a user logging into database X
there’s no way you could persuade me that I need to have a set of credentials
for the network hop and another for the database.
If the database uses basic authentication user name ‘scott’ password ‘tiger’,
and the person who configured the Avatica server said use basic authentication,
then Avatica should use the same credentials. Yes, it’s not very secure, but
hey, that’s basic authentication.
Julian
On Mar 29, 2016, at 6:49 AM, Josh Elser<[email protected]> wrote:
Just to make sure it's clear, the credentials would have to be duplicated
elsewhere presently (e.g. in a properties file that Jetty can read). Maybe
there's a JDBC API that the Avatica server could hook directly into to avoid
such credential duplication?
Sarnath wrote:
The extra pair adds additional complexity... I think it is better to go
with underlying database creds.. Or better provide a hook to interested
users who want separate creds...
