Hi !
Featured games (91)
games approved by the League of Dukes
Games in Showcase (757)
Games in Android Showcase (229)
games submitted by our members
Games in WIP (844)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Java MySQL security question  (Read 2709 times)
0 Members and 1 Guest are viewing this topic.
Offline roland
« Posted 2011-09-13 04:24:23 »

Hi, I am interested in using a MySQL for certain things in my applets, but do not understand much about it.
The link below has an example on how to do it, but the username and password are in the applet, does this mean the mysql account could easily be hacked?

Is there a better way to do it?
Offline ReBirth
« Reply #1 - Posted 2011-09-13 05:03:08 »

The link below has an example on how to do it, but the username and password are in the applet, does this mean the mysql account could easily be hacked?
Not absolutely true.
Is there a better way to do it?
If you just concern about the username and password, try to play with those String. You can crypt it or write them as byte in your code. The sample provided on that link is enough I think. To better, you can use servlet but it seems out of question.

Offline Mike

« JGO Spiffy Duke »

Medals: 149
Projects: 1
Exp: 6 years

Java guru wannabe

« Reply #2 - Posted 2011-09-13 05:36:28 »

Depending on what you want to do with mysql it might or might not be okay to connect from an applet to a mysql server. If the only thing you want to do is run selects and you set up the mysql account to only run selects then it's not horribly bad but I don't recommend doing it anyway. If you want to do anything else (update/insert/delete) then you shouldn't put the connnection in the applet. This due to the username and password being available to anyone with some decompile/compile skills.

If you want to use a database use the server as an application server (php/tomcat/servlet and so on) and let that one connect to the database as there is no such thing as applet security Pointing.


My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Cero
« Reply #3 - Posted 2011-09-13 10:16:19 »

on a first look, obviously, the only line thats dangerous is

which is plaintext and showing the data

now you can just encrypt and then decrypt only this string, using whatever

in internet security I have actually only dealt with hashes like sha512, which isnt an option for you, as hashes cannot be "decoded"

so RSA should be an option, or even SSH somehow

Offline princec

« JGO Spiffy Duke »

Medals: 1033
Projects: 3
Exp: 20 years

Eh? Who? What? ... Me?

« Reply #4 - Posted 2011-09-13 10:41:33 »

If you've got a MySQL database exposed to the internet (ie. applets) you're in trouble. Save yourself a load of headaches and go through a middle layer and keep the database away from the front line. My advice would be to use http in the applet (easily gets through proxies and firewalls) and a servlet engine on your webserver which talks to a private database or firewalled database only accessible from certain IP addresses.

Cas Smiley

Offline roland
« Reply #5 - Posted 2011-09-13 11:30:35 »

Thanks for the info everyone Smiley I will take your advice princec, and until I can pay for a server I will stick with http/php scripts
Offline ReBirth
« Reply #6 - Posted 2011-09-15 03:02:00 »

Talking about decompile, maybe servlet and applet are same with their java code dan class file. But a servlet is (usually) saved under WEB-INF directory on server, which cant be accessed without making same efforts.

Pages: [1]
  ignore  |  Print  

EgonOlsen (77 views)
2018-06-10 19:43:48

EgonOlsen (57 views)
2018-06-10 19:43:44

EgonOlsen (77 views)
2018-06-10 19:43:20

DesertCoockie (259 views)
2018-05-13 18:23:11

nelsongames (157 views)
2018-04-24 18:15:36

nelsongames (156 views)
2018-04-24 18:14:32

ivj94 (897 views)
2018-03-24 14:47:39

ivj94 (161 views)
2018-03-24 14:46:31

ivj94 (810 views)
2018-03-24 14:43:53

Solater (174 views)
2018-03-17 05:04:08
Java Gaming Resources
by philfrei
2017-12-05 19:38:37

Java Gaming Resources
by philfrei
2017-12-05 19:37:39

Java Gaming Resources
by philfrei
2017-12-05 19:36:10

Java Gaming Resources
by philfrei
2017-12-05 19:33:10

List of Learning Resources
by elect
2017-03-13 14:05:44

List of Learning Resources
by elect
2017-03-13 14:04:45

SF/X Libraries
by philfrei
2017-03-02 08:45:19

SF/X Libraries
by philfrei
2017-03-02 08:44:05 is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!