ISessionMgr logon security question

[ulliM]

Hi all,

we're about to establish a connection from an enterprise java application on a websphere appserver to a crystal report XI server via the JAVA RAS SDK.

Somewhere in the javacode that is deployed on the websphere appserver you can find the following code (analogously):

try {
 ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
 IEnterpriseSession session = sessionMgr.logon("username", "password", "servername","secEnterprise");
} catch (SDKException e) {
 e.printStackTrace();
}

My Question:
Due to security aspects: the logon method establishes a remote connection to the determined server, by sending username and password. What is the protocol used by the JAVA RAS SDK, to do the remote call that is encapsulated in the ISessionMgr.logon(...) call???
If sensitive data should be reported, its not secure to send username and password by a unconfident protocol.

Any suggestions out there or hints for literature?
thanks in advance
ulliM

 

[eyeswideclosed]

We use asp.net, but we do the the same thing, it runs on the compiled server-side code, talking to the sessionMgr object in binary on the same server, so it's not an issue for us, nothing goes across the wire, in your case, with a remote connection, I would assume tcp/ip and whatever your java implementation (j2ee? corba?) protocol and security would be in effect, it is most likely binary, however it is conceivable it could be packet sniffed.

 

[KingfisherINC]

It's CORBA/IIOP and it supports SSL

Kingfisher

 

[ulliM]

hi hejamana and KingfisherINC,
thanks for helpful the replies.

sincerely
ulliM