ju2wheels

[java] Applet security

I've read the Sun documentation on this but it's still confusing as can be for me to understand the proper sequence or procedure to make an applet inside a jar archive "trusted". I want to get my archive signed with a certificate so it can be trusted and be able to open a connection to a database. I've seen this done by a prompt that asks the user if they would like to give an applet permissions and thus be trusted, but I don't know how I can get my archive to do that as well. Can someone tell me the sequence of steps I should go through to get my applet to do this? Any help and suggestions would be greatly appreciated.

First of all, here are the links to the programs you need to use, so you can see the other command-line switches and what they do: keytool and jarsigner.

The first thing you need is a jar file with your applet inside. Then you can call this from the command line.
C:\Path-to-Jar-file>keytool -genkey -alias mykey -keystore .mykey

The alias "mykey" and keystore ".mykey" can be anything you want. You will be prompted for some information, and a password. Remember the password. If that works, then...

C:\Path-to-Jar-file>jarsigner -keystore .mykey -storepass password jarfilename.jar mykey

Notice that you need to pass the name of the keystore, and the alias goes at the end. You do not need to generate your own keystore, but I like to do that so it can be included with the project, and anyone can re-sign the jar if they have the password.

Hope that helps :)
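What the jarsigner step above leaves inside the JAR, as an added example that is not part of the original thread: it goes beyond the post by inspecting the result, checking that signing metadata is present and that every entry still matches its digest in the manifest. It assumes the standard signed-JAR layout (META-INF/MANIFEST.MF with per-entry digests, a .SF file and a signature block named after the alias); the function names and the sample JAR are constructed for illustration.

```python
import base64, hashlib, io, zipfile
ALGS = {"SHA1": "sha1", "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512"}
SIG_EXT = (".SF", ".RSA", ".DSA", ".EC")  # signature file, then signature blocks

def is_signing_file(name):  # files jarsigner writes directly under META-INF/
    head, _, base = name.upper().rpartition("/")
    return head == "META-INF" and (base == "MANIFEST.MF" or base.endswith(SIG_EXT))

def manifest_digests(text):
    """Map entry name -> (hashlib algorithm, base64 digest) from MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    found = {}
    for section in text.split("\n\n")[1:]:  # section 0 is the main attributes
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        for key, value in attrs.items():
            if key.endswith("-Digest") and key[:-7] in ALGS and "Name" in attrs:
                found[attrs["Name"]] = (ALGS[key[:-7]], value)
    return found

def audit_jar(data):
    """Structural check only; `jarsigner -verify` checks the signature itself."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        sig = [n.upper() for n in names if is_signing_file(n)]
        if not ("META-INF/MANIFEST.MF" in names and any(n.endswith(".SF") for n in sig)
                and any(n.endswith(SIG_EXT[1:]) for n in sig)):
            return "unsigned", []
        digests = manifest_digests(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        bad = []  # entries with no manifest digest, or whose bytes do not match it
        for n in names:
            alg, want = digests.get(n, (None, None))
            got = alg and base64.b64encode(hashlib.new(alg, jar.read(n)).digest()).decode()
            if not is_signing_file(n) and (alg is None or got != want):
                bad.append(n)
        return ("mismatch" if bad else "digests-ok"), bad

def build_sample(signed=True, extra=None):
    """Constructed sample JAR; the .SF and .RSA contents are placeholders."""
    cls = b"\xca\xfe\xba\xbe constructed class bytes"
    d = base64.b64encode(hashlib.sha256(cls).digest()).decode()
    files = {"MyApplet.class": cls, **(extra or {})}
    if signed:
        files["META-INF/MANIFEST.MF"] = f"Manifest-Version: 1.0\r\n\r\nName: MyApplet.class\r\nSHA-256-Digest: {d}\r\n\r\n"
        files["META-INF/MYKEY.SF"] = "Signature-Version: 1.0\r\n\r\n"
        files["META-INF/MYKEY.RSA"] = b"placeholder, not a real PKCS#7 block"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items(): z.writestr(name, body)
    return buf.getvalue()
```

A "digests-ok" result means only that the metadata is present and consistent; whether the signature chains to a key you trust is still a job for `jarsigner -verify`.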

I would like to point out that it's not necessary for an Applet to be signed in order to be able to connect to a database.

However, the following things must all be true:
- You should bundle the JDBC driver
- The JDBC driver should be a type IV (all Java-based), or at least type III (Java-based frontend with some sort of middle tier). This rules out Type II drivers (which use native libraries client-side) and JDBC:ODBC.
- The server you're connecting to should, from the client's perspective, have the same hostname as the web server the applet itself is coming from. This means that if your applet is coming from ebanking.example.com, it must connect to ebanking.example.com. However, if you have a load balancer or some other NAT device in front of ebanking.example.com, the database and web servers could still be on different machines.

That said, no sane online banking applet would use JDBC to connect to its backend:
- Some JDBC drivers cannot encrypt data etc, so the (JDBC) connection may not be secure
- You'd have to have a username/password in the applet which the user could reverse engineer then connect directly to the database themselves. Even if the user had very limited access, that might still be too much.

Mark
