Orion provides three different concrete objects for user
authentication...all use the usermanager interface. EJBUser,
DataSourceUserManager and the default UserManager. The default is the
simplest, and uses the principal.xml file to define the user name and
password. We use EJBUser since it was so simple to add it to our
application.
As for the actual transmission over the network to the database, that's up
to the database/jdbc, but Oracle and others allow encrypted, secure
transmissions over the wire, including a local network.
As for cryptography...if you are using a https://somesecureurl.company.com ,
you can certainly encrypt the login transaction from a web page. All three
user managers also let you use certificates for authentication.
In addition, you can write your own user manager which uses LDAP...and use
the various encryption protocols used with LDAP.
There's also a hack on the www.orionsupport.com site which allows you to
authenticate against your unix/linux users.
You might look at the petstore application, and how the orion security
adapter is used with this.
As for your second line...couldn't quiet figure out your request.
Regards,
The Elephantwalker
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tobias
Streckel
Sent: Monday, March 12, 2001 1:27 AM
To: Orion-Interest
Subject: Cryptography with Orion
Hello,
I want to build a simpel application which verified a password and
username - a loginsystem. :-))
How work orion on the network- in cleartext?
If this is true, how can I use cryptography under the orionserver.
Thanks for your help....
Tobi
