My Javaapplet is designed to read data from a database and display it to the user using several external visualisation libraries.
After spending hours on fixing security issues I think I have resolved them by now. At least, I am not getting errors in the console anymore.
My program uses the below code to connect to the DB and it just hangs on Drivermanager.getConnection. I have waited for at least 10 minutes and no errors show up.
the sqljdbc4.jar is included in the main jar, all jars are signed, I access the applet through Chrome and the dll-driver file is also present in the Main jar. Any idea what could be causing this? I know that applet and database have to reside on the same ip and they do (at least: my sql server is running on my laptop and my code is running in the wwwroot of my IIS on the same laptop).
Thanks for your replies! The programming is executing because it loads the required settings from a file on the server. It then prints every statement I insert up until
In wireshark, what should I be looking for ? there is a lot of output.
Anything that goes to the DB server's IP address would be of interest. Assuming that no other process on your machine accesses that server at that time, it would prove that the applet is actually trying to access the DB.
The ip of my machine is 192.168.0.172. The server is running on my pc so I guess its the same? If not, how can I find out? Because if it's ip is different ip from my localhost it could explain the problems I'm having.
I connect to the server with the server-variable: localhost. I am running it locally as long as it is in development. The idea is to deploy it later on to a server that can be accessed through the internet. The database will reside on that same server.
If both are running on the same machine then WireShark is of no use (it can't capture that traffic).
You should not use JDBC in applets that run over the internet (as opposed to an intranet) - that's considered a substantial security risk, as it opens up the DB to traffic from around the net. Better to use a proxy that is accessed via HTTP from the applet, and which in turn accesses the DB via JDBC.
So if I understand correctly, it is best to have my database, a man in the middle, and my applet? Where the man in the middle gets HTTP requests from the applet, passes the request to the database, gets the data back and feeds it to the applet which in turn does stuff with it?
If so, how would such a thing look like? Do you know of any good tutorials? My apologies for the amount of questions but I am a noob when it comes to bringing Java to the net. Therefore, I have no idea how to put the theory into effect. Thanks again!
edit I am using this applet solely for demo purposes, so if it is possible to do this with the JDBC driver and without a proxy this would be preferred. I am just not sure why the applet is not connecting since I have gone through signing the applet and such.
When running the applet in appletviewer, it uses the sqljdbc_auth.dll driver file to make the connection. Without this file it doesn't work. Could it be that the applet can't find this file for some reason? Or that the file is not in the right location? It is not loaded explicitly in my code.
Yes, your understanding is correct. That way you also don't need to worry about installing DB drivers with the applet, or having to deal with signing the applet (assuming that the DB proxy runs on the same server where the applet is hosted).
I'd probably use a RESTful web service for the server side (something like the JAX-RS API if it's written in Java). But there's no reason the proxy couldn't be written in PHP or some other server-side language that happens to run on that server.
You might also look into using a JavaWebStart application (JNLP is the keyword here) instead of an applet; they have some deployment benefits, and -after the initial installation- can be run without having to revisit a particular web page.
Sorry if I have been unclear, but my current applet is coded in Netbeans and deployed using webstart. It creates the html, jnlp etc files for me in the `dist` folder after which I copy them to the wwwroot folder and run them.
Finally something more useful, through extended logging I got the following messages. After these messages I get the nullpointer exception when trying to query the database because no connection has been created.