堆栈内存溢出
  简体   繁体   English

在JAVA和Servlet中客户端和服务器端之间进行数据库调用的安全方法?

[英]Safe method for database calls between client-side and server-side in JAVA & Servlet?

 原文  2013-10-05 20:55:32       java/ servlets/ ejb/ ejb-3.0/ servlet-3.0

问题描述

i am builds a java chat application , based on Java Secure Sockets and JavaFX and use Derby Database on the server side to record the members in the database , 我正在建立一个基于Java安全套接字JavaFX的Java聊天应用程序,并在服务器端使用Derby Database在数据库中记录成员,

My Question is , how i make a secure connection between the Client Side Applet and the Server Side ? 我的问题是,如何在客户端小程序和服务器端之间建立安全连接? instead of the direct connection to the remote database from the client side to the server side ? 而不是从客户端到服务器端直接连接到远程数据库?

i had an idea to use Servlet as a Remote API , and calling it from the client side , and tell it the command to run it in the remote database on the server ? 我有一个使用Servlet作为远程API的想法,并从客户端调用它,并告诉它在服务器上的远程数据库中运行它的命令?

Is this method Safe and Secure ? 这种方法安全吗? but i am worry about that may a bad people try to fetch the API URL , and try to call it badly and add wrong records to the database without needs to login the client-side application and try to hack the database ? 但是我担心,一个坏人可能会尝试获取API URL,并尝试对其进行不良调用并向数据库中添加错误的记录,而无需登录客户端应用程序并尝试对数据库进行黑客攻击? so how i secure my self from this matter ? 那么,我如何保护自己免受这种伤害呢? with notice that the client-side Application may be installed in many computers , so don't tell me to secure the API by determine the remote IP which capable to connect via the API :) 请注意,客户端应用程序可能已安装在许多计算机上,因此请不要告诉我通过确定能够通过API连接的远程IP来保护API :)

And if there are any other more secure methods please tell me 如果还有其他更安全的方法,请告诉我

Thank you , 谢谢 ,

1 个解决方案

解决方案1
 0  2013-10-10 10:32:01

Your application seems to be a good candidate for a standard three-tier architecture . 您的应用程序似乎是标准三层体系结构的理想选择。 Using servlets as a proxy between your client and the DB is a good and widely used approach. 使用servlet作为客户端和数据库之间的代理是一种很好且广泛使用的方法。 Among other benefits it allows you to use a higher level transport (HTTP) instead of dealing with sockets. 除其他优点外,它还允许您使用更高级别的传输(HTTP)来处理套接字。 You can create a simple REST API to handle client requests and call it from your client. 您可以创建一个简单的REST API来处理客户端请求,并从客户端调用它。 I believe, it will also make the client code simpler. 我相信,这也将使客户端代码更简单。

Is this method Safe and Secure? 这种方法安全吗?

Yes. 是。 You can use HTTPS for traffic encryption and HTTP basic authentication to protect from unauthorized calls to your service. 您可以使用HTTPS进行流量加密和HTTP基本身份验证,以防止未经授权的服务调用。 These security features are a part of the servlet specification. 这些安全功能是Servlet规范的一部分。 Alternatively you can use other frameworks (like Spring) for it. 或者,您可以使用其他框架(例如Spring)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 需要在HTML + JavaScript的客户端和Java / C ++的服务器端程序之间进行通信 - Need to communicate between Client-side in HTML+JavaScript and Server-side program in Java/C++ 从客户端应用程序保护服务器端输出 - Secure server-side output from a client-side app 客户端Google Earth + JS; 服务器端Java包 - Client-side Google Earth + JS; server-side Java package 使用Dojo文件上传客户端将其他数据发送到Java服务器端 - Send additional data to Java server-side using Dojo file upload client-side JSON(客户端)&lt;-&gt; Java(服务器端)&lt;-&gt; JSON(NoSQL DB) - JSON (client-side) <-> Java (server-side) <-> JSON (NoSQL DB) 客户端Java中的服务器地址 - Server-Address in client-side java 客户端 java 在服务器上工作吗? - Does client-side java work on a server? 如何从客户端桌面应用程序向服务器端Spring应用程序发送请求? - How to do requests to a server-side Spring app from a client-side desktop app? 是否有一种简单的方法可以让客户端JavaScript访问像Enums这样的服务器端类? - Is there a simple way to give client-side JavaScript access to server-side classes like Enums? Struts Web应用程序:可重用的验证客户端和服务器端 - Struts Web Application: Reusable Validation Client-Side & Server-Side
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM