Emeline - Go to http://mmmysql.sourceforge.net/ and you can pick up the latest jdbc driver jar file (works anywhere). You should be able to export your access tables to delimited files and then load them into mysql. With Access, you can use the JDBC-ODBC bridge to get at the data if you are interested in pursuing that avenue. Cheers Ray --- Emeline Barns <[EMAIL PROTECTED]> wrote: > Hi gurus, > I have databases created in MS Access and using JDBC-ODBC for connection > which is not great. > My application have to hold under 30 connections. I tested my PC to run 20 > instances of the program, and it worked. Does this mean that it will be > working when installed on shared drive? > I tried to switch to mySQL, butcannot yet find the JDBC driver for > WindowsNT(only Linux). Also I need to export my databases from Access to > MySQL which I have not found as well. > May be there are some free JDBC drivers for Access which I am not aware. I > make this program for non=profitable organization which has no money to buy > drivers. > Any help will be appreciated. > Emeline > > > >From: "Michael J. Cannon" <[EMAIL PROTECTED]> > >Reply-To: Orion-Interest <[EMAIL PROTECTED]> > >To: Orion-Interest <[EMAIL PROTECTED]> > >CC: <[EMAIL PROTECTED]> > >Subject: Re: Orion Security (WAS:RE:Questions About Orion) > >Date: Fri, 21 Sep 2001 15:27:42 -0500 > > > >Vlad, > > > >As in any App Server environment on the Web, the security vulnerabilities > >of > >the Orion App Server are on two fronts: > > > >Server-side: > >Orionserver Security Primer: > >http://www.jollem.com/~ernst/orion-security-primer/ > >Java Best Practices for Server-side Security: > >From Sun: > >J2EE: > >The Tutorial: > >http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html > >The Security Blueprint: > >http://java.sun.com/j2ee/blueprints/eis_tier/security/index.html > >Platform Spec for v.1.3 (go to the Security Bookmark in the .pdf) > >http://java.sun.com/j2ee/j2ee-1_3-pfd4-spec.pdf > > > >Additionally, there are potential vulnerabilities in the HTTP server, the > >plug-in architecture (especially when using CGI and PHP, Python, Perl or > >Jpython scripts/executables - allowed in Orion and rather easy to do, as > >well as being very fast). There was a general discussion about Java-based > >HTTP webservers at the WWW Mobile code forum > >(link:http://www.securityfocus.com/templates/archive.pike?end=2001-09-22&tid > >=196606&start=2001-09-16&list=107&threads=0&), but it didn't resolve > >anything. Bottom line: in general, currently both the HTTP and Java/J2EE > >functionality of the Orion Server is safe from all known exploits and > >vulnerabilities in the wild, with the possible exception of a DoS due to > >transparent proxying on the server (Cisco Routers and Xerox Printers, as > >well as most Cable and DSL modems are similarly vulnerable). Orion is no > >more vulnerable than Apache/Tomcat or IIS, and, as recent history has > >proven, is actually far less vulnerable than the Microsoft products for > >similar functionality (as well as being FAR faster and easier to develop > >for - Link: http://www.orionserver.com/benchmarks/benchmark.html , sadly, > >the BEAst will not allow Orion to continue to publlish stats, but you can > >read about that following the links:). > > > >The second major place that any J2EE AppServer is in the database. 'Nuff > >said, separate issue and separate practices. Use a secured (wrappered or > >tunneled with encruyption) HTTP or RMI connection to the database all JDBC > >connections. Secure the JDBC datastream and securew the database according > >to the best practices you may choose. > > > >The final place on the server-side that any J2EE or other App server is > >vulnerable is the environment. Nail down the ACLs for your specific > >environment and pay attention to the OS and the various other sevices and > >apps you are running on the box (including the security services - just > >had > >to repair a Symantec-installed hole left when they put their IDS tools on > >the production box!). Pay attention to domain and network issues, and keep > >the network clean and properly configured. Most Orion or Oracle > >penetrations I've seen/heard of were actually BIND exploits or port53 DNS > >issues. > > > >With the advent of NIMDA, we see another vector for attacks: the client > >program. With a few exceptions, Java AppServers are uniquely invulnerable > >to this new vector. > >Sun Client-side Security Note: > >http://java.sun.com/j2se/1.3.0/docs/guide/security/spec/security-specTOC.fm. > >html > > > >So, keep aware of general security threats, code to best practices, test > >developers' code for exploits before putting it into production (85% of all > >losses in the IT enterprise space are inside jobs) and be aware of normal > >security precautions. > > > >For Solaris tools see: > >http://www.solaris4you.dk/sunsolaris.html > > > >and, I'm testing the Astaro Security Linux implementation (and have > >installed it for 3 clients who use Orion or Oracle 9AS with OC4J) so far > >successfully. I include a few additional patches and configuration > >changes, > >but, in general it seems to work well. Link: > >http://www.astaro.com > >and > >http://www.astaro.org > > > >Comes with Enterprise VPN and AV support, too. > > > >Also having luck with Net Screen > >http://www.netscreen.com/products/index.html > > > >Hope all this was of assistance. Contact me offline if you have any more > >specific questions on Oracle, OAS or Orion Security. We also test > >Enterprise domain-level security and manage PKI infrastructures. > > > >Michael J. Cannon > >[EMAIL PROTECTED] > >PM/COO-hsqldb.org, Inc. > >http://hsqldb.org > > > >President, Ubiquicomm - Home of the Grupo Para Bellum Security Team > >http://www.ubiquicomm.com > >[EMAIL PROTECTED] > > > > > >----- Original Message ----- > >From: "The elephantwalker" <[EMAIL PROTECTED]> > >To: "Orion-Interest" <[EMAIL PROTECTED]> > >Sent: Friday, September 21, 2001 11:52 AM > >Subject: RE: Questions about Orion > > > > > > > Vlad, > > > > > > see comments... > > > > > > regards, > > > > > > the elephantwalker > > > www.elephantwalker.com > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad > > > Vinogradsky > > > Sent: Friday, September 21, 2001 7:08 AM > > > To: Orion-Interest > > > Subject: RE: Questions about Orion > > > > > > > > > Thanks for your response. Few follow-up questions. > > > > > > >By the way, Orion by itself can out do IIS by six to one!... > > > In what scenario? > > > <elephantwalker> > > > Orion serving up jsp pages compared to asp pages from IIS. > > > </elephantwalker> > > > > > > >... make sure you test the jdbc drivers with all necessary uses of sql > > > including > > > >things like LIMIT, CLOB, BLOB as well as 100's of open connections. > > > These are the key >database needs for a appserver servicing the web. > > > What about resource/connection pooling? > > > <elephantwalker> > > > Orion uses connection pooling for its ejbs, and you can specify > >connection > > > pooling for your jdbc connections in orion with a DataSource > >configuration. > > > </elephantwalker> > > > >Like anything, if you run it on Windows, it will be compromised. > > > I was asking more about known Orion vulnerabilities? > > > > > > <elephantwalker> > > > AFAIK, there are none if you take the following steps: > > > > > > 1. Run orion as a non administor user. > > > 2. Do not use any of the script based servlets, such as php. > > > 3. User jdbc drivers that support encrypted network traffic. Oracle does > > > this...I don't know about m$ sql server. > > > > > > > > > However, Windows is known to have many security issues, and if your > > > operating system security is compromised, the hackers will have access > >to > > > the orion, and any other resources you have. > > > > > > I would recommend staying away from any windows system for any internet > > > application because the windows record on security is so BAD. You should > >see > > > my internet logs the last few days ;(...filled with requests for silly > > > things on the c drive, something the frequently patched IIS is > >vulnerable > > > to, but which orion justs sends back a 404. > > > > > > In the past two years, I have seen no similar failure of Orion, nor any > > > complaints on the list. > > > </elephantwalker> > > > Thanks, > > > > > > Vlad > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]] On Behalf Of The > > > elephantwalker > === message truncated === __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com
