The applet will help the user to create Java class objects which will be sent to the PHP server, which will store the object as a blob in a MySQL database. The reverse should work too – reading the data back.
The user will have to be logged into the PHP server anyway to view this applet. But at the same time I don’t want to leave the applet ‘open’ to have access to the database (through PHP) without a password.
The connection will be like this:
Java Applet — send URL stream –> PHP Script — Authenticate — if valid connect to DB –> MySQL DB
I want this process to authenticate the user but at the same time I don’t want the user to have to log in again after having logged into the website, and at the same time I don’t want the Applet to store any secure information because that’s not safe.
Is there a way around here? Or will I have to look for an alternative? (If so, what alternative?)
Your applet should have the ability to read cookies from the page it is displayed on. So, assuming the user has authenticated into the webpage, you could have it grab a session ID (or whatever) from the page, and use that to ‘authenticate’ into your server. However, bear in mind that unless you’re using an encrypted session (https), these cookies can be read in transit by 3rd parties. Also, you need to be aware that any 3rd party scripts on your page will also be able to read these cookies.
I don’t think this is as ideal from a security standpoint as having the user authenticate to the database again, but this is an alternative you can use.
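A sketch of the PHP side of the session-cookie approach described in the answer, added here as an example and not code from the original thread. It assumes the website's login code sets `$_SESSION['user_id']`, that a table `applet_objects(user_id, payload)` exists, and that the database credentials are supplied through the hypothetical environment variables `APP_DB_DSN`, `APP_DB_USER` and `APP_DB_PASS`.

```php
<?php
// store_object.php: hypothetical endpoint the applet POSTs a serialized object to.
// Assumed, not from the thread: $_SESSION['user_id'] is set at login, and the
// table applet_objects(user_id INT, payload LONGBLOB) already exists.

const MAX_BYTES = 1048576; // constructed limit: 1 MiB per stored object

// Send the session cookie over HTTPS only, so it cannot be read in transit.
// HttpOnly is left off because it hides the cookie from document.cookie, which
// is where an applet reading "from the page" would look; that is also why any
// third-party script on the page can read it.
session_set_cookie_params(['secure' => true, 'httponly' => false, 'path' => '/']);
session_start();

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($message);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST only');
}
// No valid website session means the script never opens a database connection.
if (empty($_SESSION['user_id'])) {
    fail(401, 'Not logged in');
}

// Read at most one byte past the limit so oversized uploads are detected cheaply.
$payload = file_get_contents('php://input', false, null, 0, MAX_BYTES + 1);
if ($payload === false || $payload === '' || strlen($payload) > MAX_BYTES) {
    fail(413, 'Empty or oversized payload');
}

// The database password exists only on the server; the applet never holds it.
$pdo = new PDO(getenv('APP_DB_DSN'), getenv('APP_DB_USER'), getenv('APP_DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// The serialized object is stored as opaque bytes, bound to the session's user.
$stmt = $pdo->prepare('INSERT INTO applet_objects (user_id, payload) VALUES (?, ?)');
$stmt->bindValue(1, (int) $_SESSION['user_id'], PDO::PARAM_INT);
$stmt->bindValue(2, $payload, PDO::PARAM_LOB);
$stmt->execute();

http_response_code(201);
echo 'stored';
```

The user id comes from the server-side session rather than from anything the applet sends, so a logged-in user can only write rows under their own id.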