Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

NTLM Algorithm in Java

Posted on 2007-10-17
24
Medium Priority
?
822 Views
Last Modified: 2010-08-05
Hi,

I found one article on net -> http://www.jguru.com/faq/viewquestion.jsp?EID=393110

I have been able to get my logged in account in Windows domain. However, I am not too sure on whether it is the secure way of doing it or not. What do you all think?

Thanks
David
0
Comment
Question by:suprapto45
  • 10
  • 8
  • 6
24 Comments
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 600 total points
ID: 20091605
0
 
LVL 92

Expert Comment

by:objects
ID: 20091660
secure in what way. Its secure as NTLM is.
Did u want to know if NTLM is secure?  Thoufgh if thats all the server supports you don't really have any choice.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091661
I did that CEHJ, thanks but it does not work well in Firefox unless you configure the Firefox itself which is not the best option for us.

However, using the above URL's solution, we can get the username in both IE and Firefox and hence thinks that it would be much better if we use this instead. What is your opinion on the above URL?

Thanks
David
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Author Comment

by:suprapto45
ID: 20091667
objects,

Thanks. Well, I think that NTLM should be quite secure. The doubt that I had is the way how they get the username of the logged user. Can we consider that as a "hack"?

Thanks
David
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091670
Dont have much time to understand the NTLM at this moment :)
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20091674
>>but it does not work well in Firefox unless you configure the Firefox itself which is not the best option for us.

Well i can only but guess at what you mean by that. Are you using signed applet/Web Start?
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091683
CEHJ,

Nope, this is J2EE application. What I really would like to achieve is that if the user has logged in to the Windows, I do not want them to log in to the system again. The system will smartly know the user id of the Windows and give the access to the user.

Thanks
David
0
 
LVL 92

Assisted Solution

by:objects
objects earned 1400 total points
ID: 20091686
> The doubt that I had is the way how they get the username of the logged user. Can we consider that as a "hack"?

NTLM would not be that secure if it was that easy to hack :)
0
 
LVL 92

Expert Comment

by:objects
ID: 20091694
if u want to read up the algorithm then see here

http://www.innovation.ch/personal/ronald/ntlm.html
0
 
LVL 92

Accepted Solution

by:
objects earned 1400 total points
ID: 20091699
you'll find an implementation of the algorithm here

http://www.luigidragone.com/networking/ntlm.html
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091707
Thanks objects,

I will read that. In your personal opinion, would you consider that solution as reliable?

David
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20091715
>>Well, I think that NTLM should be quite secure.

Of course no protocol that sends tokens in cleartext can be secure
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091728
I will be back in the next 1 hour....sorry

Thanks
David
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20091739
>>Of course no protocol that sends tokens in cleartext can be secure

(So do it under https)

>>Nope, this is J2EE application

Not sure how that is relevant. You should be able to rid yourself of kludges by using signed code, possibly in conjunction with native code
0
 
LVL 92

Assisted Solution

by:objects
objects earned 1400 total points
ID: 20091803
Hard to say how reliable without looking at in in detail. Appears they just implemented a small part of the algorithm, enuf to do what they need. If that functionality meets your needs then give it some stress testing (as u should with any implementation). Or try the implementation I posted above.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20091873
Sorry for the delay,

Okay, thanks objects for your opinion.

CEHJ, can you explain a bit more on what you mean?

Thanks
David
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20092032
>>CEHJ, can you explain a bit more on what you mean?

Of course, but what aspect(s) are you referring to?
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20099378
Hi CEHJ,

>>"Not sure how that is relevant. You should be able to rid yourself of kludges by using signed code, possibly in conjunction with native code"
I am not sure on this one. What is the relation between the NTLM with signed code and for jCFIS, it does not work in Firefox but you said that it is irrelevant. Can you possibly give me some explanation on it?

Thanks
David
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20099590
The reason i said it's not relevant is that there's no problem running native-interfacing Java code via Firefox - i do it all the time. What i need to know is what 'not working in Firefox' actually means
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20106192
Thanks CEHJ,

>>"The reason i said it's not relevant is that there's no problem running native-interfacing Java code via Firefox"
I agree with that.

>>"What i need to know is what 'not working in Firefox' actually means"
Well, I have configured the jCFIS on my J2EE app successfully and it works fine in IE i.e. IE will automatically bypass the login page. However, when I tried to access it in Firefox, Firefox always prompt out the dialog box asking for the username and password. If you enter your Windows username and password, it works fine in Firefox but I really am trying to avoid asking the user to input the username and password again.

Thanks again and sorry for not being clear.
David
0
 
LVL 92

Expert Comment

by:objects
ID: 20106242
jcfis will never work trabsparently with firefox, not sure how CEHJ ever got it to work with FF.
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 600 total points
ID: 20107039
You need to use the browser in a generic way, not in a platform-specific one. This will mean using an applet or Web Start, possibly signed.

>>not sure how CEHJ ever got it to work with FF.

I didn't say i got JCifs working with FF. I said i've never had a problem with interfacing with native code with FF
0
 
LVL 16

Author Comment

by:suprapto45
ID: 20107331
Thanks.

I really hope that there is a native solution to this so all browsers can work smoothly but jCFIS has been the best so far.

Thanks again to both objects and CEHJ.
David
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 20107355
:-)
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question