Does using a CMS to manage security to an applet make sense?

[jmDesktop]

I want a website that is a CMS, has usernames, password. The "normal"
security system stuff. I know there are a multitude, just assume that
people create accounts and the credentials are stored in a MySQL
database.

I also have an applet that will reside on one of the pages. That
applet will require a username and password. Can the applet use JDBC
to query the same database and get the credential information and make
the decision to continue or fail? Is it possible to pass the
credentials used by the CMS to the Applet so I don't have a double
logon?

The main reason I ask is because I didn't want to build an admin
interface to manage user when so many web options are out there. I
didn't want to reinvent the wheel. I don't want a double logon
procedure either though.

Thanks.

 

[Arne Vajhøj]

I want a website that is a CMS, has usernames, password. The "normal"
security system stuff. I know there are a multitude, just assume that
people create accounts and the credentials are stored in a MySQL
database.

I also have an applet that will reside on one of the pages. That
applet will require a username and password. Can the applet use JDBC
to query the same database and get the credential information and make
the decision to continue or fail? Is it possible to pass the
credentials used by the CMS to the Applet so I don't have a double
logon?

The main reason I ask is because I didn't want to build an admin
interface to manage user when so many web options are out there. I
didn't want to reinvent the wheel. I don't want a double logon
procedure either though.

If you can live with that:
- direct access to the database from the outside
- people can decompile your applet and read the database
username and password
- people can decompile the applet, remove the security checks,
rebuild it and run the modified version
then: yes.

Else: no.

I would go for:

applet----(HTTP)----web app----(JDBC)----database

Arne

 

[Roedy Green]

I also have an applet that will reside on one of the pages

When considering this, presume some brat has decompiled your Applet
and used that knowledge to create a substitute Applet that causes as
much havoc as possible.

You thus need two layers of security, in the Applet and in the Server.

 

[Roedy Green]

I also have an applet that will reside on one of the pages.

see http://mindprod.com/jgloss/jdbc.html#APPLETS

 

[Mark Space]

I want a website that is a CMS, has usernames, password. The "normal"

This is a tangent, but I'm curious: which CMS are you using? Just to
explain my query a bit further: Java has a fair number of CMS system
available, although they can be hard to locate.

Here's one good link I've found:

<http://java-source.net/open-source/content-managment-systems>

 

[jmDesktop]

This is a tangent, but I'm curious: which CMS are you using?  Just to
explain my query a bit further: Java has a fair number of CMS system
available, although they can be hard to locate.

Here's one good link I've found:

<http://java-source.net/open-source/content-managment-systems>

I don't have a CMS yet. I haven't decided on any of it. I'm just
learning more about all of Sun's technology and it's daunting at the
moment. I don't know if if helps me or complicates matters for me.
It is yet another framework for me to learn, but I knew that already.
Thanks for the link. I am sure it will be useful.

 

[Arne Vajhøj]

I would go for:

applet----(HTTP)----web app----(JDBC)----database

I would change it to
applet----(HTTPS)----web app----(JDBC)----database

You can get a certificate signed by CACert[1] for free.

Since there will be send a username/password, then
HTTPS would be a good thing.

Arne