File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes EJB and other Java EE Technologies and the fly likes JMS newbie - security question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "JMS newbie - security question" Watch "JMS newbie - security question" New topic
Author

JMS newbie - security question

John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Hello:

I am thinking about implementing a JMS system whereby database connection information would be transported within messages. Is there something
inherently unsafe about this? If so, what is the best method to secure these messages?

Thanks
Eric
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3716
    
    5

Yes? Well my question is why are you transmitting database information in a message? The J2EE should have its connections managed via connection pools, ergo, all database connections should be setup ahead of time. The only thing that the message might be 'which' database to use, not the full connection string.


My Blog: Down Home Country Coding with Scott Selikoff
John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Well, here's the situation. We have a bunch of small web apps that don't use pooling, they just directly connect to databases. Users can choose whether to run against production or staging. So there will be two sets of connection parameters needed by these applications. We would rather not keep this information within the individual apps for maintenance purposes. And we don't want these apps to all ask a database for the connection parameters (duplication of code).

So we want our logic in one place and give it the ability to communicate to all these small apps the database information needed.


Eric
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3716
    
    5

How often are you changing databases and how many databases are there? Keep in mind this forum is about EJBs, where direct access to the database is not common (other than in BMPs). If it were me, I'd either set up all databases in a connection pool on each local server, or write a good deployment script that fixes the database when the EAR is launched.

It sounds like you might need help in the JDBC forum, as what your describing isn't really a J2EE pattern.
John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
There many, many schemas, one for each customer. The choice between production or staging takes place at runtime so it may switch back and forth over a period of seconds, in theory.

It's a pain in the butt. I guess I could start pooling on every single app, setting up a pool for each database. It's a mess any way you look at it.

Eric
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3716
    
    5

It's not so bad if you write good build/deployment scripts. It can automate the process a lot.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JMS newbie - security question