OK, this is a somewhat complicated situation. We are implementing a package customer care solution where we can only change the JDBC driver without rewriting significant amounts of the product's code. The problem is that for security reasons, sensitive data must be stored in the secure zone. This packaged application is in an unsecure zone. The package implementation needs access to this sensitive data. Data can only flow like this : secure -> unsecure JMS is used to tell the secure zone when the unsecure zone wants data. So the flows look something like this:
unsecure --JMS request for data --> secure unsecure <--JMS response with data-- secure
Given that I can only change the JDBC parameters (driver, etc.) and not the code, how can I still meet the security standards? Option 1 - One thought we had is to use a JMS connector on the URL or port in the JDBC driver URL. This connector could then get the DB info from the secure zone and send it back to the package application. I have serious doubts that this will work. Option 2 - A similar idea is that maybe we could set up a servlet to receive the JDBC requests based upon the URL or port number. This servlet could then do the JMS call to the secure zone, get the data and return it to the package application. I also think this option has some flaws and am not sure it would work either. Does anyone who is more of a JMS or JDBC expert have any ideas? Any comments or feedback would be greatly appreciated. Thanks in advance.
John C. Cummins<br />Sun Certified Programmer for Java 2<br />Sun Certified Web Components Developer<br />IBM Certified WebSphere Portal 5 Developer