I was going to ask this, but I didn't want to hijack the thread. I can't see how it's at all secure. Can you encrypt a jar file?Originally Posted by Samuraid
Just as a sidenote, is connecting to a database through a jar file really secure? Because if you do put something like that on the web, I'm going to be forced to download and unzip all your jars, and decompile the classes back to the source to see if the database is able to be hacked.
A Java applet has to be run client-side, so you're guaranteed to be sending the scripts to the client. I've had to decompile bytecode back into Java before and it's fairly trivial (good thing it's possible, I almost lost a group assignment in a robotics course in college).
You could have a Java daemon sitting on the server that sends data out to clients. Then you could at least be sure to control the nature of the data that's being sent and avoid letting any client in the world talk to your SQL server, and since the daemon is running server-side you can keep your SQL login scripts out of DocumentRoot so no one can get at it. But then you have to rely on the security of your own daemon not to go whoring out your database to people. I'd rather rely on the security of Apache than on anything I write myself.
Reply With Quote