Sezer Yilmaz
Hello!

Some months ago we began to learn Java at university. I know there's enough to learn in that field, but now I've got it in my head to learn how to implement J2EE applications, because I'm very interested in client-server programming and distributed systems. So I managed to run some example applications, and now I want to write my first own J2EE code.

Since I need some motivation, the application I write must not be nonsense, and I want to learn some important J2EE basics. So the project I chose is the following:

- Application Name: Internet Addressbook
- Application Server: JBoss 4.04
- DB Server: MySQL
- Authentication and Authorization functions (Does anyone have ideas? JAAS perhaps?)
- Frontend: Java Application, no Web-Tier

Now my question or problem is the following:

The application server must be on the Internet so that I can log on with the client from anywhere. Is this a bad idea (concerning security)? Can I secure the communication between the client and the "business logic", the EJBs? And what about the JNDI lookups? What if someone else overwrites my registered objects to sniff important information etc.? Is it possible to secure the JNDI lookups, or is it even possible to "hardcode" the requests so that the JNDI lookups are no longer necessary and the security gap is closed?

I'm very interested in your opinion about all that.

Thank you for your advice in advance.

Greetings
Sezer