This is regarding a project which I have titled as "secure connection to remote clients whereby the secure connection supports client access to database".
For this I intend to do the following things.Kindly guide me if there is something amiss.
1) The JSP will be running on the application server (Tom cat).
2) The client will run the application and ask for request form the database.
3) The JSP will get the necessary details about the query from the database.
4) It will give it to the client
Also, do you need any transport-level security in your application? You may need to enable HTTPS in Tomcat and force the client to talk via an encrypted channel.
This works well when the client is a browser, but is harder if the client is a rich client, since you have to manage the client support for encryption and authentication yourself.
I'm wondering if having a JSP as the interface is the correct way to go. A Servlet would be better, but they are forcing you to communicate over HTTP. I was thinking about providing an EJB as the remote interface and allowing remove connections to this instead. You can still require clients to authenticate, but communication is RMI rather than HTTP. I believe it would make the client significantly easier to write.
Originally posted by David O'Meara:
On the server side, if you use a JSP or Servlet to protect your database, clients must send their requests as HTTP. This isn't too bad to do simple operations, but can get difficult if you need to roll your own authentication and encryption on the client.
Thanks for the information Dave,
As you have advised I will be using the Servlet concept rather than the JSP concept(i am new to both..).As it stands,the database connection(java program) will be running on the servlet(server)and the interactive forms that may be present will be running on/from the client.Talk about the connection later.
Am I in the correct direction regarding this.