Alternative to passing userid & password through Java applet?

The applet will help the user to create java class objects which will be sent to the PHP server, which will store the object as a blob in a MySQL database. The reverse should work too - reading the data back.

The user will have to be logged into the PHP server anyway to view this applet. But at the same time I don't want to leave the applet 'open' to have access to the database (through PHP) without a password.

The connection will be like this: Java Applet -- send URL stream --> PHP Script -- Authenticate -- if valid connect to DB --> MySQL DB

I want this process to authenticate the user but at the same time I don't want the user to have to log in again after having logged into the website, and at the same time I don't want the Applet to store any secure information because thats not safe.

Is there a way around here? Or will I have to look for an alternative? (If so, what alternative?)

Answers


Your applet should have the ability to read cookies from the page it is displayed on. So, assuming the user has authenticated into the webpage, you could have it grab a session ID (or whatever) from the page, and use that to 'authenticate' into your server. However, bear in mind that unless you're using an encrypted session (https), these cookies can be read in transit by 3rd parties. Also, you need to be aware that any 3rd party scripts on your page will also be able to read these cookies.

I don't think this is as ideal from a security standpoint as having the user authenticate to the database again, but this is an alternative you can use.


The applet call should enter the same HTTP session that has already been created by server when user entered the site.

The session is created by server and server sends the session ID as a special Cookie. In case of java based servers it is typically jsessionid. The server sends cookies using HTTP response header named Set-Cookies. Client should send all the cookies back using header Cookies.

So, your applet should be able to access cookies hold by browser and send them. To access cookies of browser you should use LiveConnect API that allows mapplet to call javascript from containing page.


Need Your Help

Using nginx as reverse proxy for apache and want more htaccess control

nginx

I'm using nginx in a reverse proxy configuration with apache2. I have used other, preconfigured web servers in this way and enjoyed complete control over redirects from an .htaccess file.

Working with Amazon SQS & SNS in Java

java amazon-s3 amazon-web-services amazon-sqs amazon-sns

For the first time I have come across Amazon SQS and Amazon SNS. I will be working with these at my work place in Java.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.