Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JDBC in applets

 
Gotham Sewani
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to make an applet which directly accesses a MySql database. The database is on the same server from which the applet has been downloaded. Now the problem I am facing is with regard to drivers.
I use the Class.forName() method to load the drivers.
Now what changes do I need to make to the
1. Applet code
2. The Applet tag
3. The client machine
4. The server
to make this method work?
I tried changing the codebase attribute and unjarring the jar file containing the driver class file,but still it was throwing a ClassNotFound error. Please help me.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The only changes you need to make concern the applet tag. It needs to have an archive attribute that references the jar file of the driver (which needs to be in the same directory as the applet itself). Don't unjar that file into its constituent classes.

<applet name="..." code="..." archive="myApplet.jar,mySqlDriver.jar" ...
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34681
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Moving to our applets forum since it has more to do with applets/classpaths than JDBC.
 
Gotham Sewani
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One more question related to applets and JDBC.
Would it be advisable to use applets for directly communicating with the database server?
What security risks would it pose?
One,which I can think of is that I am passing the root password of the database server as an argument to the getConnection() method in my code.Now since applets are run on the clients machine,it might be possible that the client gets hold of the class files and decompiles them to get the password.
Is there any remedy to this?
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You hit the nail on the head - that is precisely the one huge security problem with using JDBC in applets. It may be acceptable in an intranet setting, but I'd recommend not to use JDBC over the public Internet. (An exception may be for clients that perform read-only operations exclusively, and you're using an account that prohibits all change operations. It's debatable, though.)

No decompiling is even necessary - unless SSL is used, all SQL data is transmitted in clear text, so a simple TCP/IP sniffer can record the traffic.

And, of course, never use the DB root password - always create an account that is used only for that particular client, which has only the rights necessary for that client type.
 
Raj
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
dude are you using pure awt bcs i cant connect my databse to an awt applet
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using AWT or Swing has nothing to do with whether JDBC works or not. Let's continue the discussion here.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic