Is it bad to connect to a database via an applet?

Discussion in 'Java' started by jmDesktop, May 16, 2008.

  1. jmDesktop

    jmDesktop Guest

    I was trying to figure out how to connect an applet to a mysql
    database. I only found very old articles on it. It seems no one does
    this. So, now I am stuck. I want to write a game in an applet that
    utilizes a database. I don't want to use Flash and php, which I keep
    reading folks use. I want use Java. I just don't know the proper
    design. Do I have a middle page, a servlet, that sits on the server
    the applet talks to and that middle page talks to the server and
    selects/updates the database? Thanks.
     
    jmDesktop, May 16, 2008
    #1
    1. Advertising

  2. jmDesktop

    Arne Vajhøj Guest

    jmDesktop wrote:
    > I was trying to figure out how to connect an applet to a mysql
    > database. I only found very old articles on it. It seems no one does
    > this. So, now I am stuck. I want to write a game in an applet that
    > utilizes a database. I don't want to use Flash and php, which I keep
    > reading folks use. I want use Java. I just don't know the proper
    > design. Do I have a middle page, a servlet, that sits on the server
    > the applet talks to and that middle page talks to the server and
    > selects/updates the database?


    Yes. It is bad to let the applet talk directly to the database.

    applet----(HTTP)----web app----(JDBC)----database

    is better.

    See my reply to your other post for details.

    Arne
     
    Arne Vajhøj, May 16, 2008
    #2
    1. Advertising

  3. jmDesktop

    jmDesktop Guest

    On May 15, 10:42 pm, Arne Vajhøj <> wrote:
    > jmDesktop wrote:
    > > I was trying to figure out how to connect an applet to a mysql
    > > database.  I only found very old articles on it.  It seems no one does
    > > this.  So, now I am stuck.  I want to write a game in an applet that
    > > utilizes a database.  I don't want to use Flash and php, which I keep
    > > reading folks use.  I want use Java.  I just don't know the proper
    > > design.  Do I have a middle page, a servlet, that sits on the server
    > > the applet talks to and that middle page talks to the server and
    > > selects/updates the database?

    >
    > Yes. It is bad to let the applet talk directly to the database.
    >
    > applet----(HTTP)----web app----(JDBC)----database
    >
    > is better.
    >
    > See my reply to your other post for details.
    >
    > Arne


    Does the same go for using webstart? Any Java application (not just
    applet) that connects over the Internet?
     
    jmDesktop, May 16, 2008
    #3
  4. jmDesktop

    Arne Vajhøj Guest

    jmDesktop wrote:
    > On May 15, 10:42 pm, Arne Vajhøj <> wrote:
    >> jmDesktop wrote:
    >>> I was trying to figure out how to connect an applet to a mysql
    >>> database. I only found very old articles on it. It seems no one does
    >>> this. So, now I am stuck. I want to write a game in an applet that
    >>> utilizes a database. I don't want to use Flash and php, which I keep
    >>> reading folks use. I want use Java. I just don't know the proper
    >>> design. Do I have a middle page, a servlet, that sits on the server
    >>> the applet talks to and that middle page talks to the server and
    >>> selects/updates the database?

    >> Yes. It is bad to let the applet talk directly to the database.
    >>
    >> applet----(HTTP)----web app----(JDBC)----database
    >>
    >> is better.
    >>
    >> See my reply to your other post for details.

    >
    > Does the same go for using webstart? Any Java application (not just
    > applet) that connects over the Internet?


    Yes.

    The only half safe way is to have end user specific accounts on the
    database.

    And that is not good.

    And it is still not good to have direct access from the internet to the
    database server.

    Arne
     
    Arne Vajhøj, May 16, 2008
    #4
  5. jmDesktop

    jmDesktop Guest

    On May 15, 11:06 pm, Arne Vajhøj <> wrote:
    > jmDesktop wrote:
    > > On May 15, 10:42 pm, Arne Vajhøj <> wrote:
    > >> jmDesktop wrote:
    > >>> I was trying to figure out how to connect an applet to a mysql
    > >>> database.  I only found very old articles on it.  It seems no one does
    > >>> this.  So, now I am stuck.  I want to write a game in an applet that
    > >>> utilizes a database.  I don't want to use Flash and php, which I keep
    > >>> reading folks use.  I want use Java.  I just don't know the proper
    > >>> design.  Do I have a middle page, a servlet, that sits on the server
    > >>> the applet talks to and that middle page talks to the server and
    > >>> selects/updates the database?
    > >> Yes. It is bad to let the applet talk directly to the database.

    >
    > >> applet----(HTTP)----web app----(JDBC)----database

    >
    > >> is better.

    >
    > >> See my reply to your other post for details.

    >
    > > Does the same go for using webstart?  Any Java application (not just
    > > applet) that connects over the Internet?

    >
    > Yes.
    >
    > The only half safe way is to have end user specific accounts on the
    > database.
    >
    > And that is not good.
    >
    > And it is still not good to have direct access from the internet to the
    > database server.
    >
    > Arne


    Is that middleware piece a "servlet"?
     
    jmDesktop, May 16, 2008
    #5
  6. jmDesktop

    Dave Miller Guest

    jmDesktop wrote:
    > I was trying to figure out how to connect an applet to a mysql
    > database. I only found very old articles on it. It seems no one does
    > this. So, now I am stuck. I want to write a game in an applet that
    > utilizes a database. I don't want to use Flash and php, which I keep
    > reading folks use. I want use Java. I just don't know the proper
    > design. Do I have a middle page, a servlet, that sits on the server
    > the applet talks to and that middle page talks to the server and
    > selects/updates the database? Thanks.

    There is no play in Arnie's advice about not having your client side
    code talk directly to the DB - there is no way to do that without
    shooting yourself in the head.

    The simplest safe way to get the data from the db on the server to your
    applet on the client is to build a servlet as your middleware. MySQL has
    an easy to use jdbc driver available here:
    http://dev.mysql.com/downloads/connector/j/3.1.html
    Both applet and servlet have built in methods for http communication.
    Applet and servlet connect via http, servlet and db connect via jdbc and
    you're good to go.
    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, May 16, 2008
    #6
  7. jmDesktop

    BTDTGTTS Guest

    jmDesktop wrote:

    > I was trying to figure out how to connect an applet to a mysql
    > database. I only found very old articles on it. It seems no one does
    > this. So, now I am stuck. I want to write a game in an applet that
    > utilizes a database. I don't want to use Flash and php, which I keep
    > reading folks use. I want use Java. I just don't know the proper
    > design. Do I have a middle page, a servlet, that sits on the server
    > the applet talks to and that middle page talks to the server and
    > selects/updates the database? Thanks.


    Other than the security aspects that have already been addressed, there is
    another advantage to having a server side servlet sitting between your
    applet and database. An applet can only talk to the server from which it
    was loaded which means that your database must sit on your web server.
    There is no such restriction on a servlet which means you can put/move your
    database wherever you want it.
     
    BTDTGTTS, May 16, 2008
    #7
  8. jmDesktop wrote:
    > I was trying to figure out how to connect an applet to a mysql
    > database. I only found very old articles on it. It seems no one does
    > this. So, now I am stuck. I want to write a game in an applet that
    > utilizes a database. I don't want to use Flash and php, which I keep
    > reading folks use. I want use Java. I just don't know the proper
    > design. Do I have a middle page, a servlet, that sits on the server
    > the applet talks to and that middle page talks to the server and
    > selects/updates the database? Thanks.



    Apart from statements made by other posters there is an additional thing
    to consider. Typically many users who reach your applet will be using
    some kind of proxy that only allows traffic targeted at certain ports
    like 80/HTTP, 25/SMTP, 110/POP3 etc.
    Direct database access from your applet will not only be limited to
    using the same host as the one that served the applet but also to using
    non-blocked ports. Most proxies will not allow traffic to the port your
    DBMS flavor prefers to use.
     
    Silvio Bierman, May 16, 2008
    #8
  9. jmDesktop

    Roedy Green Guest

    On Thu, 15 May 2008 19:22:23 -0700 (PDT), jmDesktop
    <> wrote, quoted or indirectly quoted someone
    who said :

    >I was trying to figure out how to connect an applet to a mysql
    >database. I only found very old articles on it. It seems no one does
    >this. So, now I am stuck.


    normally you would do it with a Servlet intermediary that actually
    does the database calls.

    Having the Applet do it directly exposes the JDBC API to the wicked.

    The servlet can also intelligently sift through the information
    provided by JDBC to keep the traffic to a minimum.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
     
    Roedy Green, May 16, 2008
    #9
  10. jmDesktop

    Mark Space Guest

    jmDesktop wrote:
    > On May 15, 11:06 pm, Arne Vajhøj <> wrote:
    >>
    >> The only half safe way is to have end user specific accounts on the
    >> database.


    >
    > Is that middleware piece a "servlet"?


    I was kinda confused by Arne first comment too, but "user specific
    accounts" in his second reply makes it plain what he is getting at here.

    If your applet or JWS program can access a database, so can anyone else.
    Your database is "bare" on the 'net and anyone at all can connect to
    it anytime he or she wants. It's a security hole.

    So, with that in mind: servlets can be one way to implement the
    protection needed on your server to prevent unauthorized access your
    database.

    However, especially in the case of JWS, the answer might even be
    "probably not" with respect to using servlets as middleware. Certainly
    it possible to write your own protection layer in Java, deamonize it,
    and then let it listen for connections and provide the level of security
    desired.

    Servlets do have some built-in advantages. The networking code is done
    for you already. Port 80 is almost always allowed on client system.
    And SSL provides encryption, which will be necessary for any real form
    of security. But using servlets should be weight against all other
    options. It's not a given and definitely not the only choice.

    Well I hope this was at least partly clear....
     
    Mark Space, May 16, 2008
    #10
  11. jmDesktop

    Arne Vajhøj Guest

    jmDesktop wrote:
    > On May 15, 11:06 pm, Arne Vajhøj <> wrote:
    >> jmDesktop wrote:
    >>> On May 15, 10:42 pm, Arne Vajhøj <> wrote:
    >>>> jmDesktop wrote:
    >>>>> I was trying to figure out how to connect an applet to a mysql
    >>>>> database. I only found very old articles on it. It seems no one does
    >>>>> this. So, now I am stuck. I want to write a game in an applet that
    >>>>> utilizes a database. I don't want to use Flash and php, which I keep
    >>>>> reading folks use. I want use Java. I just don't know the proper
    >>>>> design. Do I have a middle page, a servlet, that sits on the server
    >>>>> the applet talks to and that middle page talks to the server and
    >>>>> selects/updates the database?
    >>>> Yes. It is bad to let the applet talk directly to the database.
    >>>> applet----(HTTP)----web app----(JDBC)----database
    >>>> is better.
    >>>> See my reply to your other post for details.
    >>> Does the same go for using webstart? Any Java application (not just
    >>> applet) that connects over the Internet?

    >> Yes.
    >>
    >> The only half safe way is to have end user specific accounts on the
    >> database.
    >>
    >> And that is not good.
    >>
    >> And it is still not good to have direct access from the internet to the
    >> database server.

    >
    > Is that middleware piece a "servlet"?


    That web app can be anything.

    If it is Java server side, then it will be a servlet (JSP is not
    suitable).

    But it could also be a PHP web app or anything else.

    Arne
     
    Arne Vajhøj, May 17, 2008
    #11
  12. Lew wrote:
    > A best practice is to use a layered architecture. Arne illustrated one
    > with three basic layers: front end, middleware logic and back end data
    > system.
    >
    > Refinements of the scheme might split middleware into control logic
    > ("Controller"), presentation logic ("View") and business logic
    > ("Model"), for example. The business logic might communicate to the
    > data system via a connection layer, such as a Java Persistence API (JPA)
    > framework (TopLink, Hibernate, OpenJPA).
    >
    > How many layers you architect, and how thick or thin each one is,
    > depends on the needs of the particular project. Three layers seems the
    > minimum, more than seven would be suspect.
    >
    > The separation of model, view and controller (the
    > "Model-View-Controller" or "MVC" architecture) has many advantages for
    > robustness, correctness, stability, maintainability and expandability.
    > This is a case of the principle of separation of concerns - each layer
    > has a narrow focus of responsibility and clean, simple ways of
    > communication with its nearest neighbor layers (and no others).
    >
    > A Java Enterprise architecture would use JSPs or XHTML pages for the
    > presentation artifacts, quite likely script enhanced. A framework like
    > Java Server Faces (JSF) provides the interface components, also
    > controller and presentation logic components. A custom or
    > framework-provided servlet (or small set of servlets) provides the glue
    > that ties those front-end components to the business logic components.
    > There might be specialized communication libraries to carry messages
    > between layers, such as web-services frameworks or message queues. The
    > business logic comprises Java components variously realized as POJO
    > (likely JavaBean-ish) classes or Enterprise JavaBeans (EJBs), which are
    > not the same as non-Enterprise JavaBeans. They handle things like
    > coordination of authentication, stitching together requested data into
    > meaningful structures and so on. Business logic can represent entities,
    > the nouns of the application domain, or processes, the verbs of the domain.
    >
    > Business logic connects to the data layer, data layer talks to the
    > datastore, oh, oh, dem bones.
    >
    > I just made it sound complex, and it can be if the requirements are big
    > enough. It doesn't need to be. Simple web apps use
    > XHTML/JSPs/JSF/scripting for the front end, a little bit of servlet
    > controlling things, Java objects handling business logic, JPA framework,
    > PostgreSQL or Derby (JavaDB) on the back end and you're good to go.


    All very correct.

    If it is for a human interface.

    An interface for an applet would be different. No XHTML/JSP/JSF.

    Either a servlet per interaction type. Or a single servlet that
    forwards to different classes.

    Anyway it will not be MVC - only 100% M + 0% V + 50% C.

    Arne
     
    Arne Vajhøj, May 17, 2008
    #12
  13. jmDesktop

    jmDesktop Guest

    On May 16, 3:22 pm, Mark Space <> wrote:
    > jmDesktop wrote:
    > > On May 15, 11:06 pm, Arne Vajhøj <> wrote:

    >
    > >> The only half safe way is to have end user specific accounts on the
    > >> database.

    >
    > > Is that middleware piece a "servlet"?

    >
    > I was kinda confused by Arne first comment too, but "user specific
    > accounts" in his second reply makes it plain what he is getting at here.
    >
    > If your applet or JWS program can access a database, so can anyone else.
    >   Your database is "bare" on the 'net and anyone at all can connect to
    > it anytime he or she wants.  It's a security hole.
    >
    > So, with that in mind: servlets can be one way to implement the
    > protection needed on your server to prevent unauthorized access your
    > database.
    >
    > However, especially in the case of JWS, the answer might even be
    > "probably not" with respect to using servlets as middleware.  Certainly
    > it possible to write your own protection layer in Java, deamonize it,
    > and then let it listen for connections and provide the level of security
    > desired.
    >
    > Servlets do have some built-in advantages.  The networking code is done
    > for you already.  Port 80 is almost always allowed on client system.
    > And SSL provides encryption, which will be necessary for any real form
    > of security.  But using servlets should be weight against all other
    > options.  It's not a given and definitely not the only choice.
    >
    > Well I hope this was at least partly clear....


    Yes and thank you to everyone. I only need the applet because I need
    a richer graphical environment than a regular webpage, and I don't
    want to use Flash, Flex, or Silverlight. I thought about JavaFX, but
    not sure and the tools are all there yet. Plus I just want to use
    Java (and associated variations, jsp, etc.)
     
    jmDesktop, May 17, 2008
    #13
  14. Lew wrote:
    > Arne Vajhøj wrote:
    >> An interface for an applet would be different. No XHTML/JSP/JSF.
    >>
    >> Either a servlet per interaction type. Or a single servlet that
    >> forwards to different classes.
    >>
    >> Anyway it will not be MVC - only 100% M + 0% V + 50% C.

    >
    > I think of applets as subsuming V.


    Yep.

    The applet has the 0% M + 100% V + 50% C missing.

    Arne
     
    Arne Vajhøj, May 17, 2008
    #14
  15. On May 16, 7:24 pm, BTDTGTTS <> wrote:
    ...
    > ...An applet can only talk to the server from which it
    > was loaded ..


    Unless it is digitally signed by the developer, and
    accepted as 'trusted' by the user, then it can do
    (almost) anything.

    And to the OP, once you have the other details
    on the server sorted, I would recommend a JWS
    based app. over an applet. It will lower
    maintenance costs.

    --
    Andrew T.
    PhySci.org
     
    Andrew Thompson, May 17, 2008
    #15
  16. jmDesktop

    Mark Space Guest

    Andrew Thompson wrote:

    > And to the OP, once you have the other details
    > on the server sorted, I would recommend a JWS
    > based app. over an applet. It will lower
    > maintenance costs.
    >


    Yup. Applets are almost never used anymore. Look into Dojo, AJAX, GWT
    and JSF too. These are all web app tools, that only run on the server
    and in the browser. However they are the popular choices now-a-days.
     
    Mark Space, May 17, 2008
    #16
  17. jmDesktop

    jmDesktop Guest

    On May 17, 1:24 am, Andrew Thompson <> wrote:
    > On May 16, 7:24 pm, BTDTGTTS <> wrote:
    > ...
    >
    > > ...An applet can only talk to the server from which it
    > > was loaded ..

    >
    > Unless it is digitally signed by the developer, and
    > accepted as 'trusted' by the user, then it can do
    > (almost) anything.
    >
    > And to the OP, once you have the other details
    > on the server sorted, I would recommend a JWS
    > based app. over an applet.  It will lower
    > maintenance costs.
    >
    > --
    > Andrew T.
    > PhySci.org


    If something is JWS based. Is that a regular java app, just launched
    on the client via Java Web Start?
     
    jmDesktop, May 17, 2008
    #17
  18. jmDesktop

    Arne Vajhøj Guest

    Mark Space wrote:
    > Andrew Thompson wrote:
    >> And to the OP, once you have the other details
    >> on the server sorted, I would recommend a JWS
    >> based app. over an applet. It will lower
    >> maintenance costs.

    >
    > Yup. Applets are almost never used anymore. Look into Dojo, AJAX, GWT
    > and JSF too. These are all web app tools, that only run on the server
    > and in the browser. However they are the popular choices now-a-days.


    JWS is not used much either.

    The fact that Windows does not ship with Java has effectively
    stopped client side Java.

    Arne
     
    Arne Vajhøj, May 17, 2008
    #18
  19. jmDesktop

    Mark Space Guest

    jmDesktop wrote:

    >
    > If something is JWS based. Is that a regular java app, just launched
    > on the client via Java Web Start?


    I think yes, it's a regular app. If it's not signed, the user still has
    to say "OK" if the app needs to write the local file system or access
    the network (aside from the download server), etc.

    But from the program's point of view it can be a plain old Java program.
     
    Mark Space, May 17, 2008
    #19
  20. jmDesktop

    Dave Miller Guest

    Andrew Thompson wrote:
    > On May 16, 7:24 pm, BTDTGTTS <> wrote:
    > ...
    >> ...An applet can only talk to the server from which it
    >> was loaded ..

    >
    > Unless it is digitally signed by the developer, and
    > accepted as 'trusted' by the user, then it can do
    > (almost) anything.
    >
    > And to the OP, once you have the other details
    > on the server sorted, I would recommend a JWS
    > based app. over an applet. It will lower
    > maintenance costs.
    >
    > --
    > Andrew T.
    > PhySci.org

    Interesting comment - where do you see the advantage in maintenance costs?

    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, May 18, 2008
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RGlkaWVyLlQ=?=
    Replies:
    0
    Views:
    488
    =?Utf-8?B?RGlkaWVyLlQ=?=
    Dec 7, 2005
  2. Roland Poellinger
    Replies:
    1
    Views:
    1,309
    Ryan Dillon
    Mar 12, 2005
  3. mark4asp
    Replies:
    1
    Views:
    349
    Latish Sehgal
    Mar 29, 2007
  4. rantingrick
    Replies:
    44
    Views:
    1,250
    Peter Pearson
    Jul 13, 2010
  5. Replies:
    2
    Views:
    302
Loading...

Share This Page