 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / May 2008Does using a CMS to manage security to an applet make sense?
I want a website that is a CMS, has usernames, password. The "normal" security system stuff. I know there are a multitude, just assume that people create accounts and the credentials are stored in a MySQL database. I also have an applet that will reside on one of the pages. That applet will require a username and password. Can the applet use JDBC to query the same database and get the credential information and make the decision to continue or fail? Is it possible to pass the credentials used by the CMS to the Applet so I don't have a double logon? The main reason I ask is because I didn't want to build an admin interface to manage user when so many web options are out there. I didn't want to reinvent the wheel. I don't want a double logon procedure either though. Thanks. > I want a website that is a CMS, has usernames, password. The "normal" > security system stuff. I know there are a multitude, just assume that [quoted text clipped - 12 lines] > didn't want to reinvent the wheel. I don't want a double logon > procedure either though. If you can live with that: - direct access to the database from the outside - people can decompile your applet and read the database username and password - people can decompile the applet, remove the security checks, rebuild it and run the modified version then: yes. Else: no. I would go for: applet----(HTTP)----web app----(JDBC)----database Arne Arne Vajhřj wrote: > > I want a website that is a CMS, has usernames, password. The "normal" > > security system stuff. I know there are a multitude, just assume that [quoted text clipped - 28 lines] > > Arne I would change it to applet----(HTTPS)----web app----(JDBC)----database You can get a certificate signed by CACert[1] for free. [1] <http://www.cacert.org>  SignatureSabine Dinis Blochberger Op3racional www.op3racional.eu > Arne Vajhřj wrote: >> I would go for: [quoted text clipped - 5 lines] > > You can get a certificate signed by CACert[1] for free. Since there will be send a username/password, then HTTPS would be a good thing. Arne On Thu, 15 May 2008 18:47:30 -0700 (PDT), jmDesktop <needin4mation@gmail.com> wrote, quoted or indirectly quoted someone who said : >I also have an applet that will reside on one of the pages When considering this, presume some brat has decompiled your Applet and used that knowledge to create a substitute Applet that causes as much havoc as possible. You thus need two layers of security, in the Applet and in the Server. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com On Thu, 15 May 2008 18:47:30 -0700 (PDT), jmDesktop <needin4mation@gmail.com> wrote, quoted or indirectly quoted someone who said : >I also have an applet that will reside on one of the pages. see http://mindprod.com/jgloss/jdbc.html#APPLETS SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com > I want a website that is a CMS, has usernames, password. The "normal" This is a tangent, but I'm curious: which CMS are you using? Just to explain my query a bit further: Java has a fair number of CMS system available, although they can be hard to locate. Here's one good link I've found: <http://java-source.net/open-source/content-managment-systems> > > I want a website that is a CMS, has usernames, password. The "normal" > [quoted text clipped - 5 lines] > > <http://java-source.net/open-source/content-managment-systems> I don't have a CMS yet. I haven't decided on any of it. I'm just learning more about all of Sun's technology and it's daunting at the moment. I don't know if if helps me or complicates matters for me. It is yet another framework for me to learn, but I knew that already. Thanks for the link. I am sure it will be useful. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.