Subject | Re: [Firebird-Java] JDBC Secure Channel |
---|---|
Author | Rick Fincher |
Post date | 2003-02-08T03:22:26Z |
Another strategy is to write your end user app as a web application where
possible. Use a JSP container like Tomcat (open source) to serve up the
dynamic web pages, then only allow https access to the Web Server.
There are limits to web apps but your users can access the application on
anything that runs an HTML browser including Palm Pilots and cell phones.
There are free program libraries available that will let you easily do
charts (jfreechart, cewolf), and/or generate PDF files from your data
so your users can print out very nice looking reports.
In this scenario you can block access to port 3050 through your firewall.
With your web server behind the firewall along with your server machine (or
even on the same machine) no one can access your database unless they are
behind your firewall or they go through your web application and have the
proper passwords.
You build in to your web app just enough access for the users to get the job
done and no more.
Tomcat lets you set up roles for users so that you can restrict access to
certain web pages based on what roles the user is assigned.
The other nice thing about a web app is that all of your code is on the
server. Any bug fixes or new features are immediately available to all of
your users without you having to deploy to each individual. Deploy once to
the server and you are done. No more old versions of apps are left floating
around that you have to support.
You get to choose what version of Java and Jaybird to use since it is on
your server.
The only thing you have to worry about is what version of browser your users
are running. If you limit yourself to least common denominator HTML and
JavaScript (do all the fancy stuff in Java on the server) you can deploy
apps that your users can get at from anywhere in the world from any machine
they can find with a browser connected to the web.
Rick
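As an added illustration (not part of Rick's original post), this `web.xml` fragment shows the two controls the post describes: HTTPS-only access and pages restricted by Tomcat role. The URL patterns, role names and realm name are assumptions made for the example.

```xml
<!-- Added example: WEB-INF/web.xml fragment. Paths, role names and the realm
     name are hypothetical; add the DTD or schema declaration that matches
     your servlet container version to the web-app element. -->
<web-app>
  <!-- Reporting pages: users holding either role, HTTPS only. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>report_user</role-name>
      <role-name>app_admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- Administration pages: app_admin only, HTTPS only. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app_admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <!-- Everything else: no role required, but still HTTPS. The container
       applies the constraint whose URL pattern matches best, so each
       constraint above repeats CONFIDENTIAL instead of inheriting it. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example App</realm-name>
  </login-config>
  <security-role><role-name>report_user</role-name></security-role>
  <security-role><role-name>app_admin</role-name></security-role>
</web-app>
```

Users are mapped to these roles in whichever Tomcat realm is configured (for example `conf/tomcat-users.xml`).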
----- Original Message -----
Okay, I guess another solution is to....
a.) Replace the JDBC driver's plain socket with a JSSE socket.
b.) Write a port forwarder that also has a JSSE socket on the Firebird
server machine
c.) forward the info to another port that the Firebird engine listens to
Or something like that?
R.
-----Original Message-----
Robert,
> Is there any way to have a secure channel (e.g. SSL) between the
> JDBC driver and the database engine? If there is no secure channel,
> isn't all data sent in the clear?
This is not so much a problem of Jaybird/JDBC but of Firebird. Basically
I think it is correct to say that Firebird is not designed to have
port 3050 open to the public as it is not very secure (e.g. simple
password access to system tables).
But I believe that it is possible to use SSH tools to create a secure
channel that both Jaybird and Firebird would be unaware of. There was
at least one discussion of this on either the support or development
list last year.
Dave
--