Help! Applet access remote database

[ithaca]

Hi,

I have an applet which I want to put on the client side. The main function
of this applet is to query database and draw some graphic navigation
interface. It works fine when I tested with application.However once I
changed it to applet, it has error( Java.security.AccessControl
Exception:Access Denied, Java.net.socket Permission "my db server address"
resolve). I know it is caused by java sand box security problem. I also
learned online that the possible solution is to use signed applet or RMI, Or
use applet +servlet.

My question is what is the best solution without least change?
Thanks a lot!

 

[Andrew Thompson]

I have an applet which I want to put on the client side. The main function
of this applet is to query database ....
changed it to applet, it has error( Java.security.AccessControl
Exception:Access Denied, Java.net.socket Permission "my db server address"
resolve). I know it is caused by java sand box security problem. I also
learned online that the possible solution is to use signed applet or RMI, Or
use applet +servlet.

Signed applet delivered using WebStart
would require the least changes to the
applet (i.e. none to the applet code),
though some combination of applet/servlet
may produce better results depending on
the details of your spec.

 

[ithaca]

Thanks for the help.
Signed applet will have serious security problem, right?

 

[Andrew Thompson]

Thanks for the help.
Signed applet will have serious security problem, right?

Wrong, why not RTFM?

 

[Ike]

Even if it is signed, you wont be able to access the remote database with an
Applet, contrary to what anyone may tell you. What you must do is
communicate with a servlet as an intermediary to the database. Applet calls
servlet for data, servlet gets it from the database, sends it back to
applet.

Trying to access a remotre database from an applet any other way won't
fly. -Ike

 

[Sudsy]

Even if it is signed, you wont be able to access the remote database with an
Applet, contrary to what anyone may tell you. What you must do is
communicate with a servlet as an intermediary to the database. Applet calls
servlet for data, servlet gets it from the database, sends it back to
applet.

So perhaps I'm one of the "anyone". If your applet is given the
requisite permissions then it can establish a connection with
ANY host. Using a proxy server on the machine which sourced the
applet is another option but not the only one.

 

[Chris Uppal]

If your applet is given the
requisite permissions then it can establish a connection with
ANY host.

I'm not contradicting you, but does anyone do this in practice ?

I'm finding it hard to imagine a scenario where I could expect users to be
willing (and able) to modify the permissions, and none that wouldn't be better
served by a standalone application (maybe WebStart-ed).

-- chris

 

[Ike]

True. But I had wasted a good deal of time under the notion that simply
because an applet was signed, it could communicate with a database on the
server that served it up - a connection I could never make. Furthermore, I
lost a good deal of time with an open source report generating tool that
claimed it "could be integrated into an applet." Finally, I realised there
wasn't any shortcut in communicating directly from signed applet to a
database on the internet, even if on the same server, without going through
a servlet. -Ike

 

[Michael Borgwardt]

True. But I had wasted a good deal of time under the notion that simply
because an applet was signed, it could communicate with a database on the
server that served it up

It doesn't even need to be signed for that.

- a connection I could never make.

Then you did something wrong.

claimed it "could be integrated into an applet." Finally, I realised there
wasn't any shortcut in communicating directly from signed applet to a
database on the internet, even if on the same server, without going through
a servlet.

You are mistaken. It's prefectly possible for even an unsigned applet to
connect directly to a DB running on the server that served it, as long
as it has the necessary DB driver, login and passwords and no firewall
blocks it. I suspect that in your case there simply was a firewall blocking
non-local access to the DB, which is a sensible thing to do exactly because
the applet would have to contain the DB password which could be extracted
from it by anyone with some technical knowledge and used to **** up the DB.

So you don't *have* to go through a servlet - but you should, for security
reasons.