Java MySQL security question
Offline roland
« Posted 2011-09-13 06:24:23 »

Hi, I am interested in using MySQL for certain things in my applets, but do not understand much about it.

The link below has an example on how to do it, but the username and password are in the applet. Does this mean the MySQL account could easily be hacked?
http://www.java2s.com/Code/Java/Database-SQL-JDBC/AppletJDBC.htm

Is there a better way to do it?
Thanks,
roland
Offline ReBirth
« Reply #1 - Posted 2011-09-13 07:03:08 »

> The link below has an example on how to do it, but the username and password are in the applet, does this mean the mysql account could easily be hacked?

Not absolutely true.

> Is there a better way to do it?

If you are just concerned about the username and password, try to play with those Strings. You can encrypt them or write them as bytes in your code. The sample provided on that link is enough, I think. To do better, you can use a servlet, but it seems out of the question.

Offline Mike
« Reply #2 - Posted 2011-09-13 07:36:28 »

Depending on what you want to do with MySQL, it might or might not be okay to connect from an applet to a MySQL server. If the only thing you want to do is run selects and you set up the MySQL account to only run selects, then it's not horribly bad, but I don't recommend doing it anyway. If you want to do anything else (update/insert/delete) then you shouldn't put the connection in the applet. This is due to the username and password being available to anyone with some decompile/compile skills.

If you want to use a database, use the server as an application server (php/tomcat/servlet and so on) and let that one connect to the database, as there is no such thing as applet security.

Mike

Offline Cero
« Reply #3 - Posted 2011-09-13 12:16:19 »

on a first look, obviously, the only line that's dangerous is

"jdbc:mysql://192.168.1.25/accounts?user=spider&password=spider"

which is plaintext and showing the data

now you can just encrypt and then decrypt only this string, using whatever

in internet security I have actually only dealt with hashes like sha512, which isn't an option for you, as hashes cannot be "decoded"

so RSA should be an option, or even SSH somehow

Offline princec
« Reply #4 - Posted 2011-09-13 12:41:33 »

If you've got a MySQL database exposed to the internet (i.e. applets) you're in trouble. Save yourself a load of headaches and go through a middle layer and keep the database away from the front line. My advice would be to use HTTP in the applet (easily gets through proxies and firewalls) and a servlet engine on your webserver which talks to a private database or firewalled database only accessible from certain IP addresses.

Cas :)
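
The middle layer described in the reply above, as an added example that is not part of the original thread. It uses the JDK's built-in `com.sun.net.httpserver` in place of a servlet engine; the `/scores` endpoint, the `scores` table, and the `DB_URL`/`DB_USER`/`DB_PASS` environment variables are assumptions, and a MySQL JDBC driver must be on the classpath.

```java
import com.sun.net.httpserver.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.sql.*;
// Added example: a minimal HTTP middle layer. Table, column, endpoint and
// environment variable names are assumptions, not taken from the thread.
public class ScoreGateway {
    // Credentials live only on the server; nothing secret ships in the applet.
    static final String DB_URL  = System.getenv("DB_URL");  // e.g. jdbc:mysql://127.0.0.1/accounts
    static final String DB_USER = System.getenv("DB_USER"); // account limited to SELECT on scores
    static final String DB_PASS = System.getenv("DB_PASS");

    // Accept only a short alphanumeric game name before it reaches the query.
    static boolean validGame(String q) {
        return q != null && q.matches("game=[A-Za-z0-9_]{1,32}");
    }

    // The one fixed, parameterized query a client can trigger.
    static String topScores(String game) throws SQLException {
        String sql = "SELECT player, score FROM scores WHERE game = ? ORDER BY score DESC LIMIT 10";
        StringBuilder out = new StringBuilder();
        try (Connection c = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, game);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) out.append(rs.getString(1)).append('\t').append(rs.getInt(2)).append('\n');
            }
        }
        return out.toString();
    }

    static void handle(HttpExchange ex) throws IOException {
        String q = ex.getRequestURI().getRawQuery();
        int status = 200; String body;
        if (!"GET".equals(ex.getRequestMethod()) || !validGame(q)) { status = 400; body = "bad request\n"; }
        else try { body = topScores(q.substring(5)); }          // strip the "game=" prefix
        catch (SQLException e) { status = 500; body = "server error\n"; } // no DB details to the client
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(status, b.length);
        try (OutputStream os = ex.getResponseBody()) { os.write(b); }
    }

    public static void main(String[] args) throws IOException {
        HttpServer s = HttpServer.create(new InetSocketAddress(8080), 0);
        s.createContext("/scores", ScoreGateway::handle);
        s.start();
    }
}
```

The applet then requests `http://<server>:8080/scores?game=...` over HTTP, and the database itself accepts connections only from this server.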

Offline roland
« Reply #5 - Posted 2011-09-13 13:30:35 »

Thanks for the info everyone :) I will take your advice, princec, and until I can pay for a server I will stick with http/php scripts.
Offline ReBirth
« Reply #6 - Posted 2011-09-15 05:02:00 »

Talking about decompiling, maybe a servlet and an applet are the same in their Java code and class files. But a servlet is (usually) saved under the WEB-INF directory on the server, which can't be accessed without making same efforts.
