Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Is it bad to connect to a database via an applet?

Reply
Thread Tools

Is it bad to connect to a database via an applet?

 
 
jmDesktop
Guest
Posts: n/a
 
      05-16-2008
I was trying to figure out how to connect an applet to a mysql
database. I only found very old articles on it. It seems no one does
this. So, now I am stuck. I want to write a game in an applet that
utilizes a database. I don't want to use Flash and php, which I keep
reading folks use. I want use Java. I just don't know the proper
design. Do I have a middle page, a servlet, that sits on the server
the applet talks to and that middle page talks to the server and
selects/updates the database? Thanks.
 
Reply With Quote
 
 
 
 
Arne Vajhøj
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:
> I was trying to figure out how to connect an applet to a mysql
> database. I only found very old articles on it. It seems no one does
> this. So, now I am stuck. I want to write a game in an applet that
> utilizes a database. I don't want to use Flash and php, which I keep
> reading folks use. I want use Java. I just don't know the proper
> design. Do I have a middle page, a servlet, that sits on the server
> the applet talks to and that middle page talks to the server and
> selects/updates the database?


Yes. It is bad to let the applet talk directly to the database.

applet----(HTTP)----web app----(JDBC)----database

is better.

See my reply to your other post for details.

Arne
 
Reply With Quote
 
 
 
 
jmDesktop
Guest
Posts: n/a
 
      05-16-2008
On May 15, 10:42*pm, Arne Vajhøj <(E-Mail Removed)> wrote:
> jmDesktop wrote:
> > I was trying to figure out how to connect an applet to a mysql
> > database. *I only found very old articles on it. *It seems no one does
> > this. *So, now I am stuck. *I want to write a game in an applet that
> > utilizes a database. *I don't want to use Flash and php, which I keep
> > reading folks use. *I want use Java. *I just don't know the proper
> > design. *Do I have a middle page, a servlet, that sits on the server
> > the applet talks to and that middle page talks to the server and
> > selects/updates the database?

>
> Yes. It is bad to let the applet talk directly to the database.
>
> applet----(HTTP)----web app----(JDBC)----database
>
> is better.
>
> See my reply to your other post for details.
>
> Arne


Does the same go for using webstart? Any Java application (not just
applet) that connects over the Internet?
 
Reply With Quote
 
Arne Vajhøj
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:
> On May 15, 10:42 pm, Arne Vajhøj <(E-Mail Removed)> wrote:
>> jmDesktop wrote:
>>> I was trying to figure out how to connect an applet to a mysql
>>> database. I only found very old articles on it. It seems no one does
>>> this. So, now I am stuck. I want to write a game in an applet that
>>> utilizes a database. I don't want to use Flash and php, which I keep
>>> reading folks use. I want use Java. I just don't know the proper
>>> design. Do I have a middle page, a servlet, that sits on the server
>>> the applet talks to and that middle page talks to the server and
>>> selects/updates the database?

>> Yes. It is bad to let the applet talk directly to the database.
>>
>> applet----(HTTP)----web app----(JDBC)----database
>>
>> is better.
>>
>> See my reply to your other post for details.

>
> Does the same go for using webstart? Any Java application (not just
> applet) that connects over the Internet?


Yes.

The only half safe way is to have end user specific accounts on the
database.

And that is not good.

And it is still not good to have direct access from the internet to the
database server.

Arne
 
Reply With Quote
 
jmDesktop
Guest
Posts: n/a
 
      05-16-2008
On May 15, 11:06*pm, Arne Vajhøj <(E-Mail Removed)> wrote:
> jmDesktop wrote:
> > On May 15, 10:42 pm, Arne Vajhøj <(E-Mail Removed)> wrote:
> >> jmDesktop wrote:
> >>> I was trying to figure out how to connect an applet to a mysql
> >>> database. *I only found very old articles on it. *It seems no one does
> >>> this. *So, now I am stuck. *I want to write a game in an applet that
> >>> utilizes a database. *I don't want to use Flash and php, which I keep
> >>> reading folks use. *I want use Java. *I just don't know the proper
> >>> design. *Do I have a middle page, a servlet, that sits on the server
> >>> the applet talks to and that middle page talks to the server and
> >>> selects/updates the database?
> >> Yes. It is bad to let the applet talk directly to the database.

>
> >> applet----(HTTP)----web app----(JDBC)----database

>
> >> is better.

>
> >> See my reply to your other post for details.

>
> > Does the same go for using webstart? *Any Java application (not just
> > applet) that connects over the Internet?

>
> Yes.
>
> The only half safe way is to have end user specific accounts on the
> database.
>
> And that is not good.
>
> And it is still not good to have direct access from the internet to the
> database server.
>
> Arne


Is that middleware piece a "servlet"?
 
Reply With Quote
 
Dave Miller
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:
> I was trying to figure out how to connect an applet to a mysql
> database. I only found very old articles on it. It seems no one does
> this. So, now I am stuck. I want to write a game in an applet that
> utilizes a database. I don't want to use Flash and php, which I keep
> reading folks use. I want use Java. I just don't know the proper
> design. Do I have a middle page, a servlet, that sits on the server
> the applet talks to and that middle page talks to the server and
> selects/updates the database? Thanks.

There is no play in Arnie's advice about not having your client side
code talk directly to the DB - there is no way to do that without
shooting yourself in the head.

The simplest safe way to get the data from the db on the server to your
applet on the client is to build a servlet as your middleware. MySQL has
an easy to use jdbc driver available here:
http://dev.mysql.com/downloads/connector/j/3.1.html
Both applet and servlet have built in methods for http communication.
Applet and servlet connect via http, servlet and db connect via jdbc and
you're good to go.
--
Dave Miller
Java Web Hosting at:
http://www.cheap-jsp-hosting.com/
 
Reply With Quote
 
BTDTGTTS
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:

> I was trying to figure out how to connect an applet to a mysql
> database. I only found very old articles on it. It seems no one does
> this. So, now I am stuck. I want to write a game in an applet that
> utilizes a database. I don't want to use Flash and php, which I keep
> reading folks use. I want use Java. I just don't know the proper
> design. Do I have a middle page, a servlet, that sits on the server
> the applet talks to and that middle page talks to the server and
> selects/updates the database? Thanks.


Other than the security aspects that have already been addressed, there is
another advantage to having a server side servlet sitting between your
applet and database. An applet can only talk to the server from which it
was loaded which means that your database must sit on your web server.
There is no such restriction on a servlet which means you can put/move your
database wherever you want it.

 
Reply With Quote
 
Silvio Bierman
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:
> I was trying to figure out how to connect an applet to a mysql
> database. I only found very old articles on it. It seems no one does
> this. So, now I am stuck. I want to write a game in an applet that
> utilizes a database. I don't want to use Flash and php, which I keep
> reading folks use. I want use Java. I just don't know the proper
> design. Do I have a middle page, a servlet, that sits on the server
> the applet talks to and that middle page talks to the server and
> selects/updates the database? Thanks.



Apart from statements made by other posters there is an additional thing
to consider. Typically many users who reach your applet will be using
some kind of proxy that only allows traffic targeted at certain ports
like 80/HTTP, 25/SMTP, 110/POP3 etc.
Direct database access from your applet will not only be limited to
using the same host as the one that served the applet but also to using
non-blocked ports. Most proxies will not allow traffic to the port your
DBMS flavor prefers to use.
 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      05-16-2008
On Thu, 15 May 2008 19:22:23 -0700 (PDT), jmDesktop
<(E-Mail Removed)> wrote, quoted or indirectly quoted someone
who said :

>I was trying to figure out how to connect an applet to a mysql
>database. I only found very old articles on it. It seems no one does
>this. So, now I am stuck.


normally you would do it with a Servlet intermediary that actually
does the database calls.

Having the Applet do it directly exposes the JDBC API to the wicked.

The servlet can also intelligently sift through the information
provided by JDBC to keep the traffic to a minimum.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
Mark Space
Guest
Posts: n/a
 
      05-16-2008
jmDesktop wrote:
> On May 15, 11:06 pm, Arne Vajhøj <(E-Mail Removed)> wrote:
>>
>> The only half safe way is to have end user specific accounts on the
>> database.


>
> Is that middleware piece a "servlet"?


I was kinda confused by Arne first comment too, but "user specific
accounts" in his second reply makes it plain what he is getting at here.

If your applet or JWS program can access a database, so can anyone else.
Your database is "bare" on the 'net and anyone at all can connect to
it anytime he or she wants. It's a security hole.

So, with that in mind: servlets can be one way to implement the
protection needed on your server to prevent unauthorized access your
database.

However, especially in the case of JWS, the answer might even be
"probably not" with respect to using servlets as middleware. Certainly
it possible to write your own protection layer in Java, deamonize it,
and then let it listen for connections and provide the level of security
desired.

Servlets do have some built-in advantages. The networking code is done
for you already. Port 80 is almost always allowed on client system.
And SSL provides encryption, which will be necessary for any real form
of security. But using servlets should be weight against all other
options. It's not a given and definitely not the only choice.

Well I hope this was at least partly clear....
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bad media, bad files or bad Nero? John Computer Information 23 01-08-2008 09:17 PM
connect a database in remote server (can connect to the server via SSH) zhangxiaoyu912@gmail.com Perl Misc 2 07-18-2007 07:20 PM
ActiveX apologetic Larry Seltzer... "Sun paid for malicious ActiveX code, and Firefox is bad, bad bad baad. please use ActiveX, it's secure and nice!" (ok, the last part is irony on my part) fernando.cassia@gmail.com Java 0 04-16-2005 10:05 PM
24 Season 3 Bad Bad Bad (Spoiler) nospam@nospam.com DVD Video 12 02-23-2005 03:28 AM
24 Season 3 Bad Bad Bad (Spoiler) nospam@nospam.com DVD Video 0 02-19-2005 01:10 AM



Advertisments