aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes ISPs, EJB, databases and Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "ISPs, EJB, databases and Security" Watch "ISPs, EJB, databases and Security" New topic
Author

ISPs, EJB, databases and Security

Siegfried Heintze
Ranch Hand

Joined: Aug 11, 2000
Posts: 388
As part of my search for angel money, I would like to prototype an I idea for an internet application. This application would allow doctors, lawyers and other professionals to store sensitive information on a public web server and selectively constrain who can access it and when they can access it.
Here is what I have learned:
(1) EJB seems to be a good candidate because (as explained on page 71+ of Richard Monson-Haefel's book) it supports authentication (via JNDI), access control (=authorization?) and secure client-server communication.
(2) www.ejip.net is an ISP that will supports EJB for $120/mo. This is a nice alternative to $6K for a EJB server + ~$1000 for Oracle + $100/mo to co-locate a server + $2K for hardware (=~$9K + $100/mo - ouch!).
(3) The few ISPs that offer database will not give me multiple database accounts. I figure that I need a different database account for each lawyer or doctor that wants to store sensitive info on my web site.
Here are my questions:
(1) Do I need a separate database account for each doctor or lawyer to exploit the security features of EJB? (www.ejip.com said no, I have one master password and I have to implement the concept of a secure sub-accounts in my own java code - yuck!). If so, where is an ISP that allow me to have 1000 database accounts - one for each doctor or lawyer?
(2) Will EJB allow me to keep my client's data private?
(3) What are some other ISPs that offer EJB?
I realize that any imformation stored on a public web site will never be as secure information stored under lock and key. I'm anticipating that my clients would only store mildly sensitive information on the public web site such as their travel/ appointment schedules so they can rendezvous with their collegues.
Thank you very much!
Siegfried
 
Consider Paul's rocket mass heater.
 
subject: ISPs, EJB, databases and Security