Secure way for database calls between client-side and server-side in JAVA & Servlet?
i am builds a java chat application , based on Java Secure Sockets and JavaFX and use Derby Database on the server side to record the members in the database ,
My Question is , how i make a secure connection between the Client Side Applet and the Server Side ? instead of the direct connection to the remote database from the client side to the server side ?
i had an idea to use Servlet as a Remote API , and calling it from the client side , and tell it the command to run it in the remote database on the server ?
Is this method Safe and Secure ? but i am worry about that may a bad people try to fetch the API URL , and try to call it badly and add wrong records to the database without needs to login the client-side application and try to hack the database ? so how i secure my self from this matter ? with notice that the client-side Application may be installed in many computers , so don't tell me to secure the API by determine the remote IP which capable to connect via the API :)
And if there are any other more secure methods please tell me
Thank you ,
Re: Secure way for database calls between client-side and server-side in JAVA & Servlet?
Well it depends on how your servlet interacts with your database. First of all, beware of designing it in a way which can leave you open to SQL-injection. Second, consider implementing some sort of user system, which requires a user and password authentication to interact with the api. Lastly, you could implement a client-side session which you can pass to your servlet during every command. The session variable could be sent to the servlet on client initialization, and kept until some period of inactivity has passed. Every command you send would contain the session, and the servlet would validate the session before doing anything.
These aren't bullet-proof, but it would at least make hackers put some effort in if they want to do anything malicious.