Does using a CMS to manage security to an applet make sense?

Discussion in 'Java' started by jmDesktop, May 16, 2008.

  1. jmDesktop

    jmDesktop Guest

    I want a website that is a CMS, has usernames, password. The "normal"
    security system stuff. I know there are a multitude, just assume that
    people create accounts and the credentials are stored in a MySQL
    database.

    I also have an applet that will reside on one of the pages. That
    applet will require a username and password. Can the applet use JDBC
    to query the same database and get the credential information and make
    the decision to continue or fail? Is it possible to pass the
    credentials used by the CMS to the Applet so I don't have a double
    logon?

    The main reason I ask is because I didn't want to build an admin
    interface to manage user when so many web options are out there. I
    didn't want to reinvent the wheel. I don't want a double logon
    procedure either though.

    Thanks.
    jmDesktop, May 16, 2008
    #1
    1. Advertising

  2. jmDesktop

    Arne Vajhøj Guest

    jmDesktop wrote:
    > I want a website that is a CMS, has usernames, password. The "normal"
    > security system stuff. I know there are a multitude, just assume that
    > people create accounts and the credentials are stored in a MySQL
    > database.
    >
    > I also have an applet that will reside on one of the pages. That
    > applet will require a username and password. Can the applet use JDBC
    > to query the same database and get the credential information and make
    > the decision to continue or fail? Is it possible to pass the
    > credentials used by the CMS to the Applet so I don't have a double
    > logon?
    >
    > The main reason I ask is because I didn't want to build an admin
    > interface to manage user when so many web options are out there. I
    > didn't want to reinvent the wheel. I don't want a double logon
    > procedure either though.


    If you can live with that:
    - direct access to the database from the outside
    - people can decompile your applet and read the database
    username and password
    - people can decompile the applet, remove the security checks,
    rebuild it and run the modified version
    then: yes.

    Else: no.

    I would go for:

    applet----(HTTP)----web app----(JDBC)----database

    Arne
    Arne Vajhøj, May 16, 2008
    #2
    1. Advertising

  3. jmDesktop

    Roedy Green Guest

    On Thu, 15 May 2008 18:47:30 -0700 (PDT), jmDesktop
    <> wrote, quoted or indirectly quoted someone
    who said :

    >I also have an applet that will reside on one of the pages


    When considering this, presume some brat has decompiled your Applet
    and used that knowledge to create a substitute Applet that causes as
    much havoc as possible.

    You thus need two layers of security, in the Applet and in the Server.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, May 16, 2008
    #3
  4. jmDesktop

    Roedy Green Guest

    Roedy Green, May 16, 2008
    #4
  5. jmDesktop

    Mark Space Guest

    jmDesktop wrote:
    > I want a website that is a CMS, has usernames, password. The "normal"
    >


    This is a tangent, but I'm curious: which CMS are you using? Just to
    explain my query a bit further: Java has a fair number of CMS system
    available, although they can be hard to locate.

    Here's one good link I've found:

    <http://java-source.net/open-source/content-managment-systems>
    Mark Space, May 16, 2008
    #5
  6. jmDesktop

    jmDesktop Guest

    On May 16, 3:31 pm, Mark Space <> wrote:
    > jmDesktop wrote:
    > > I want a website that is a CMS, has usernames, password.  The "normal"

    >
    > This is a tangent, but I'm curious: which CMS are you using?  Just to
    > explain my query a bit further: Java has a fair number of CMS system
    > available, although they can be hard to locate.
    >
    > Here's one good link I've found:
    >
    > <http://java-source.net/open-source/content-managment-systems>


    I don't have a CMS yet. I haven't decided on any of it. I'm just
    learning more about all of Sun's technology and it's daunting at the
    moment. I don't know if if helps me or complicates matters for me.
    It is yet another framework for me to learn, but I knew that already.
    Thanks for the link. I am sure it will be useful.
    jmDesktop, May 17, 2008
    #6
  7. Sabine Dinis Blochberger wrote:
    > Arne Vajhřj wrote:
    >> I would go for:
    >>
    >> applet----(HTTP)----web app----(JDBC)----database

    >
    > I would change it to
    > applet----(HTTPS)----web app----(JDBC)----database
    >
    > You can get a certificate signed by CACert[1] for free.


    Since there will be send a username/password, then
    HTTPS would be a good thing.

    Arne
    Arne Vajhøj, May 17, 2008
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil Sandler

    NULLs from SQL--does this make sense?

    Phil Sandler, Aug 19, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    320
    Phil Sandler
    Aug 19, 2004
  2. Jason
    Replies:
    0
    Views:
    337
    Jason
    Oct 12, 2004
  3. Timo Nentwig
    Replies:
    31
    Views:
    1,182
    Chris Smith
    May 13, 2004
  4. milkyway

    Does this make sense?

    milkyway, Dec 2, 2004, in forum: Java
    Replies:
    0
    Views:
    367
    milkyway
    Dec 2, 2004
  5. Manage links in CMS

    , Sep 30, 2008, in forum: ASP .Net
    Replies:
    1
    Views:
    325
    Alexey Smirnov
    Sep 30, 2008
Loading...

Share This Page