hi liliana,
i would not prefer writing
JDBC connection code in the applet due to following things,
1. client machine will have to have the JDBC driver we are using (we can include that in the JAR file for the applet but that might grow big you know and applet will take time to get downloaded and eat the up client side JVM memory)
2. if the database host is diffirent than the applet host machine then we have to provide permissions on client machine in java.policy file for the socket connection etc...
i think the <applet>+<some other entity on the server side>+<data transfer mechanism> between applet and the sever side entity solutions works fine.
e.g. we can have following things,
1. applet,
2. servlet (or
JSP or ASP or something) to communicate data with the applet
3. XML is our data transfer protocol btween applet/servlet
applet sends data to be dumped in the database in XML format to a servlet then servlet communicates with the database to perform operations and it works the similar way for database data requests from the applet...
i hope you got the point i am trying to make...
if you use this servlet or something then the only security issue would come if you are passing critical data between applet and servlet (but that would be there even if you put JDBC connection in the applet, right?)...
others, please throw more light on the security issue in any mechanism we adopt to have applet communicating with the database...i'm not much experienced in these security things...
regards
maulin