  Protect Password in Applet  (Read 2040 times)
JAW
« Posted 2009-07-25 13:53:01 »

Hi

I am considering developing a Java applet browser game, which would require the use of a database. But since the applet runs on the client and needs to make a db connection, it needs the password at this point in clear text. Anyone could decompile the applet and insert a System.out.println to get the db pass and do bad things to my db.

Is there a way to make a java based browser game while protecting the system from manipulation through a hacker attack?

-JAW
Riven
« Reply #1 - Posted 2009-07-25 14:01:19 »

Never ever let a client connect to your database.

Connect to a server that handles all database access internally.

JAW
« Reply #2 - Posted 2009-08-04 15:57:14 »

Thanks so far

What would be the cheapest and easiest solution using the typical webhosting offers?
So far I would try using PHP Scripts on a webhosting with a MySQL database and use
URLConnections from the applet to the server.

Doing so, I would still need some kind of security method, so that no one can
invoke the PHP Scripts with bad data.

-JAW
h3ckboy
« Reply #3 - Posted 2009-08-04 16:29:30 »

> Thanks so far
>
> What would be the cheapest and easiest solution using the typical webhosting offers?
> So far I would try using PHP Scripts on a webhosting with a MySQL database and use
> URLConnections from the applet to the server.
>
> Doing so, I would still need some kind of security method, so that no one can
> invoke the PHP Scripts with bad data.
>
> -JAW

There ain't much you can do to hide the PHP. If you really want to, you could encrypt the URL, but even that is breakable.
Wildern
« Reply #4 - Posted 2009-08-04 17:40:00 »

Always treat incoming data as untrusted. Only pass it on to the DB once it has been sanitized and validated.
See here.

> Thanks so far
>
> What would be the cheapest and easiest solution using the typical webhosting offers?
> So far I would try using PHP Scripts on a webhosting with a MySQL database and use
> URLConnections from the applet to the server.
>
> Doing so, I would still need some kind of security method, so that no one can
> invoke the PHP Scripts with bad data.
>
> -JAW
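
An added example, not part of the original posts, of the advice in reply #4 applied to the PHP-and-MySQL setup described in reply #2: each field sent by the applet is checked against an allow-list before a bound statement writes it. The field names, limits and `scores` table are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: validate applet-supplied fields, then use a bound statement.
// Field names, limits and the scores table are assumptions for illustration.

function validate_submission(array $in): ?array {
    $player = $in['player'] ?? null;
    $score  = $in['score']  ?? null;
    // Allow-list the name: 3-16 letters, digits or underscore, nothing else.
    if (!is_string($player) || !preg_match('/\A[A-Za-z0-9_]{3,16}\z/', $player)) {
        return null;
    }
    // Score must be an integer in a range the game can actually produce.
    $score = filter_var($score, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
    if ($score === false) {
        return null;
    }
    return ['player' => $player, 'score' => $score];
}

function save_score(PDO $db, array $clean): void {
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO scores (player, score) VALUES (:player, :score)');
    $stmt->execute([':player' => $clean['player'], ':score' => $clean['score']]);
}

// In-memory SQLite stands in for the MySQL database so the demo runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE scores (player TEXT NOT NULL, score INTEGER NOT NULL)');

// Constructed requests, shaped like the $_POST array a script would receive.
$requests = [
    ['player' => 'jaw_01', 'score' => '4200'],
    ['player' => "x'); DROP TABLE scores; --", 'score' => '10'],
    ['player' => 'jaw_01', 'score' => '99999999999'],
    ['player' => 'jaw_01'],
];
foreach ($requests as $req) {
    $clean = validate_submission($req);
    if ($clean === null) {
        echo "rejected\n";
        continue;
    }
    save_score($db, $clean);
    echo "stored {$clean['player']} {$clean['score']}\n";
}
echo $db->query('SELECT COUNT(*) FROM scores')->fetchColumn(), " row(s)\n";
```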
h3ckboy
« Reply #5 - Posted 2009-08-04 18:17:31 »

> Always treat incoming data as untrusted. Only pass it on to the DB once it has been sanitized and validated.
> See here.


Yeah, that one was funny, I remember that from a while back.
JAW
« Reply #6 - Posted 2009-08-05 20:42:36 »

Well, I thought about some SessionID or one-use-only Action Token to protect against invalid calls to the scripts. This does not protect against a manipulated Java program, but illegal actions should be caught when the server validates the input. But it would at least complicate manual calls to the scripts or "just for fun" calls.

I'll think it through. Maybe I'll rather do a normal offline game.

-JAW
DzzD
« Reply #7 - Posted 2009-08-07 00:48:41 »

Just use a standard PHP login/password page, then put the resulting session id into an applet parameter.

Something like:

<applet .....

<param name="id" value="<?php echo session_id(); ?>" >
</applet>


Also, if you want a single entry point to your application so that all your URLs will look like http://yoursite.com/, just make an index.php that redirects to the correct PHP script using your designed rules. Alternatively you can remove all headers so the client will have trouble knowing you are using PHP.

Something like that (NB: this is only the very basic idea, don't use it as is; for example you should prefer to create objects rather than include files as in the following sample):

index.php
<?php

// set the session by hand from the ID sent back by the applet
if (isset($_POST['ID']))
    session_id($_POST['ID']);

// load the session data for that ID
session_start();

// here verify authentication

// if user is NOT trusted/logged in, exit

if (isset($_GET['p']) && $_GET['p'] == 1)
    include("../private/page1.php");

if (isset($_GET['p']) && $_GET['p'] == 2)
    include("../private/page2.php");

?>


Then you will use http://yoursite.com/?p=1 or http://yoursite.com/?p=2 as the URL. In the applet you should put the ID parameter (from the param tag) as a POST or GET parameter, depending on your index.php script.


The only active public script should be index.php; all other files should be put in a private directory that cannot be read from outside.
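
An added example (not DzzD's code) of the single entry point above combined with the one-use action token from reply #6: a request is refused unless the session is logged in, the token matches and has not been used before, and the page id is on a fixed list. The function names, page map and `user` session key are assumptions.

```php
<?php
// Added example: gate for a single public entry point. The session is passed
// as an array so the logic runs offline; in index.php it would be $_SESSION.
// Page ids and script paths are assumptions for illustration.

const PAGES = [1 => '../private/page1.php', 2 => '../private/page2.php'];

function issue_token(array &$session): string {
    // Fresh random value per action; only the server knows the current one.
    $session['action_token'] = bin2hex(random_bytes(16));
    return $session['action_token'];
}

function consume_token(array &$session, $given): bool {
    $expected = $session['action_token'] ?? null;
    unset($session['action_token']);          // one use only, even on failure
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given);
}

function route(array &$session, array $request): string {
    if (empty($session['user'])) {
        return 'deny: not logged in';
    }
    if (!consume_token($session, $request['token'] ?? null)) {
        return 'deny: bad or reused token';
    }
    // Only ids present in the fixed map ever reach include().
    $p = filter_var($request['p'] ?? null, FILTER_VALIDATE_INT);
    if ($p === false || !array_key_exists($p, PAGES)) {
        return 'deny: unknown page';
    }
    return 'include ' . PAGES[$p];   // index.php would include() this path
}

// Constructed walk-through: one logged-in session, then four requests.
$session = ['user' => 'jaw_01'];
$t1 = issue_token($session);
echo route($session, ['p' => '1', 'token' => $t1]), "\n";   // first use of $t1
echo route($session, ['p' => '1', 'token' => $t1]), "\n";   // same token again
$t2 = issue_token($session);
echo route($session, ['p' => '99', 'token' => $t2]), "\n";  // id not in PAGES
$anon = [];
echo route($anon, ['p' => '2', 'token' => 'anything']), "\n"; // no login
```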

