• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

help wanted

 
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi all,
This is regarding a project which I have titled as "secure connection to remote clients whereby the secure connection supports client access to database".
For this I intend to do the following things.Kindly guide me if there is something amiss.
1) The JSP will be running on the application server (Tom cat).
2) The client will run the application and ask for request form the database.
3) The JSP will get the necessary details about the query from the database.
4) It will give it to the client

thanking you
nash
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Where is the 'secure connection'? What prevents anyone on the net from making a request to the same JSP and getting data back?
Also, do you need any transport-level security in your application? You may need to enable HTTPS in Tomcat and force the client to talk via an encrypted channel.
Dave
 
nash avin
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the reply Dave.
I was just thinking about a way to go about the design
I am not sure as how to proceed with the necessary design.It would be really very nice if you could help me with it.
I am not sure whether this is the right way to ask.
Thanking you
nash
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ignoring the client application for the moment, web applications have built in support for authentication and encryption. If the client was a browser, you could encrypt all traffic and force the client to go through a login screen so that they are authenticated before you give them any data.
This works well when the client is a browser, but is harder if the client is a rich client, since you have to manage the client support for encryption and authentication yourself.
I'm wondering if having a JSP as the interface is the correct way to go. A Servlet would be better, but they are forcing you to communicate over HTTP. I was thinking about providing an EJB as the remote interface and allowing remove connections to this instead. You can still require clients to authenticate, but communication is RMI rather than HTTP. I believe it would make the client significantly easier to write.
Dave
 
nash avin
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Dave,
thanks a bunch for the prompt reply.
I didnt get you when you said "but they are forcing you to communicate over HTTP" ?.
Kindly do elaborate on this.
thanks in advance
nash
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On the server side, if you use a JSP or Servlet to protect your database, clients must send their requests as HTTP. This isn't too bad to do simple operations, but can get difficult if you need to roll your own authentication and encryption on the client.
 
nash avin
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by David O'Meara:
On the server side, if you use a JSP or Servlet to protect your database, clients must send their requests as HTTP. This isn't too bad to do simple operations, but can get difficult if you need to roll your own authentication and encryption on the client.


Thanks for the information Dave,
As you have advised I will be using the Servlet concept rather than the JSP concept(i am new to both..).As it stands,the database connection(java program) will be running on the servlet(server)and the interactive forms that may be present will be running on/from the client.Talk about the connection later.
Am I in the correct direction regarding this.
Thanking you
nash
 
reply
    Bookmark Topic Watch Topic
  • New Topic