Hi all, this is regarding a project which I have titled "secure connection to remote clients whereby the secure connection supports client access to database". For this I intend to do the following things. Kindly guide me if there is something amiss.
1) The JSP will be running on the application server (Tomcat).
2) The client will run the application and ask for request from the database.
3) The JSP will get the necessary details about the query from the database.
4) It will give it to the client
Where is the 'secure connection'? What prevents anyone on the net from making a request to the same JSP and getting data back? Also, do you need any transport-level security in your application? You may need to enable HTTPS in Tomcat and force the client to talk via an encrypted channel. Dave
Thanks for the reply Dave. I was just thinking about a way to go about the design. I am not sure as to how to proceed with the necessary design. It would be really very nice if you could help me with it. I am not sure whether this is the right way to ask. Thanking you nash
Ignoring the client application for the moment, web applications have built-in support for authentication and encryption. If the client was a browser, you could encrypt all traffic and force the client to go through a login screen so that they are authenticated before you give them any data. This works well when the client is a browser, but is harder if the client is a rich client, since you have to manage the client support for encryption and authentication yourself. I'm wondering if having a JSP as the interface is the correct way to go. A Servlet would be better, but they are forcing you to communicate over HTTP. I was thinking about providing an EJB as the remote interface and allowing remote connections to this instead. You can still require clients to authenticate, but communication is RMI rather than HTTP. I believe it would make the client significantly easier to write. Dave
On the server side, if you use a JSP or Servlet to protect your database, clients must send their requests as HTTP. This isn't too bad to do simple operations, but can get difficult if you need to roll your own authentication and encryption on the client.
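The container support for authentication and encryption mentioned above, shown as an added example that is not part of any post in this thread: a `WEB-INF/web.xml` fragment that makes the servlet container refuse unauthenticated or plain-HTTP requests before the data servlet runs. The URL pattern `/data/*`, the role name `dbclient`, and the login page paths are assumptions chosen for illustration.

```xml
<!-- Added example: declarative security in WEB-INF/web.xml.
     Without a <security-constraint>, anyone who can reach the URL gets data. -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Database access servlet</web-resource-name>
    <!-- Assumed mapping of the servlet that queries the database -->
    <url-pattern>/data/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every method -->
  </web-resource-collection>

  <!-- Authentication: only callers in this role reach the servlet -->
  <auth-constraint>
    <role-name>dbclient</role-name>
  </auth-constraint>

  <!-- Encryption: requests arriving over plain HTTP are redirected to the
       HTTPS connector, which must be enabled in Tomcat's server.xml -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Browser clients: login screen handled by the container.
     A non-browser client would more commonly use BASIC over HTTPS. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>   <!-- assumed path -->
    <form-error-page>/login-error.jsp</form-error-page> <!-- assumed path -->
  </form-login-config>
</login-config>

<!-- Roles referenced above must be declared; users are mapped to
     roles by the Realm configured in Tomcat -->
<security-role>
  <role-name>dbclient</role-name>
</security-role>
```

The login form posts `j_username` and `j_password` to `j_security_check`, and the servlet can read the authenticated caller with `request.getUserPrincipal()`.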
Originally posted by David O'Meara: On the server side, if you use a JSP or Servlet to protect your database, clients must send their requests as HTTP. This isn't too bad to do simple operations, but can get difficult if you need to roll your own authentication and encryption on the client.
Thanks for the information Dave. As you have advised, I will be using the Servlet concept rather than the JSP concept (I am new to both). As it stands, the database connection (Java program) will be running on the servlet (server) and the interactive forms that may be present will be running on/from the client. Talk about the connection later. Am I in the correct direction regarding this? Thanking you nash