«

I want a website that is a CMS, has usernames, password. The "normal"
security system stuff. I know there are a multitude, just assume that
people create accounts and the credentials are stored in a MySQL
database.

I also have an applet that will reside on one of the pages. That
applet will require a username and password. Can the applet use JDBC
to query the same database and get the credential information and make
the decision to continue or fail? Is it possible to pass the
credentials used by the CMS to the Applet so I don't have a double
logon?

The main reason I ask is because I didn't want to build an admin
interface to manage user when so many web options are out there. I
didn't want to reinvent the wheel. I don't want a double logon
procedure either though.

Thanks.

jmDesktop wrote:
> I want a website that is a CMS, has usernames, password. The "normal"
> security system stuff. I know there are a multitude, just assume that
> people create accounts and the credentials are stored in a MySQL
> database.
>
> I also have an applet that will reside on one of the pages. That
> applet will require a username and password. Can the applet use JDBC
> to query the same database and get the credential information and make
> the decision to continue or fail? Is it possible to pass the
> credentials used by the CMS to the Applet so I don't have a double
> logon?
>
> The main reason I ask is because I didn't want to build an admin
> interface to manage user when so many web options are out there. I
> didn't want to reinvent the wheel. I don't want a double logon
> procedure either though.

If you can live with that:
- direct access to the database from the outside
- people can decompile your applet and read the database
username and password
- people can decompile the applet, remove the security checks,
rebuild it and run the modified version
then: yes.

Else: no.

I would go for:

applet----(HTTP)----web app----(JDBC)----database

Arne

On Thu, 15 May 2008 18:47:30 -0700 (PDT), jmDesktop
<> wrote, quoted or indirectly quoted someone
who said :

>I also have an applet that will reside on one of the pages

When considering this, presume some brat has decompiled your Applet
and used that knowledge to create a substitute Applet that causes as
much havoc as possible.

You thus need two layers of security, in the Applet and in the Server.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Thu, 15 May 2008 18:47:30 -0700 (PDT), jmDesktop
<> wrote, quoted or indirectly quoted someone
who said :

>
>I also have an applet that will reside on one of the pages.

see http://mindprod.com/jgloss/jdbc.html#APPLETS
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

jmDesktop wrote:
> I want a website that is a CMS, has usernames, password. The "normal"
>

This is a tangent, but I'm curious: which CMS are you using? Just to
explain my query a bit further: Java has a fair number of CMS system
available, although they can be hard to locate.

Here's one good link I've found:

<http://java-source.net/open-source/content-managment-systems>

On May 16, 3:31*pm, Mark Space <marksp...@sbc.global.net> wrote:
> jmDesktop wrote:
> > I want a website that is a CMS, has usernames, password. *The "normal"
>
> This is a tangent, but I'm curious: which CMS are you using? *Just to
> explain my query a bit further: Java has a fair number of CMS system
> available, although they can be hard to locate.
>
> Here's one good link I've found:
>
> <http://java-source.net/open-source/content-managment-systems>

I don't have a CMS yet. I haven't decided on any of it. I'm just
learning more about all of Sun's technology and it's daunting at the
moment. I don't know if if helps me or complicates matters for me.
It is yet another framework for me to learn, but I knew that already.
Thanks for the link. I am sure it will be useful.

Sabine Dinis Blochberger wrote:
> Arne Vajhřj wrote:
>> I would go for:
>>
>> applet----(HTTP)----web app----(JDBC)----database
>
> I would change it to
> applet----(HTTPS)----web app----(JDBC)----database
>
> You can get a certificate signed by CACert[1] for free.

Since there will be send a username/password, then
HTTPS would be a good thing.

Arne