Hi all,
I'm new to this mailing list, so apologies up front if I commit a faux pas.
In general, the database will reside on a different machine from the web
server, and will not allow access from any machines other than some
internal ones.
Also, the login to the system should not be the same as the login to the
database. The middle tier has a different login to handle that.
If you want to avoid allowing the user to connect directly to the middle
tier and use it in unexpected ways, one option would be to use serialized
object communication between an applet (as the front end) and a
servlet (as the middle tier). You can then put encryption and other features
into your objects to further restrict user access.
Hope that helps!
Greg Speegle
Baylor University
Cedar Cox wrote:
> You seem to have given this a lot of thought so let me ask a question.
> How do I implement a user login system? If the user knows their password
> (and don't they always?..), what's to stop them from finding and
> contacting the database directly, bypassing the middle tier? I haven't
> been able to find a solution to this problem. Every time I try to think
> about it by brain goes into a recursive loop! :o
>
> Ideas?
>
> -Cedar
>
> On Wed, 1 Nov 2000, Sergio A. Kessler wrote:
>
> > "Adam Lang" <aalang@rutgersinsurance.com> el día Wed, 1 Nov 2000 09:52:35
> > -0500, escribió:
> >
> > [...]
> > >
> > >What are people's thoughts?
> >
> > people's thoughts are that you really want to design a multi-thier
> > design (for example a 3 layer design), where
> >
> > / client1 (browser)
> > database <---> bussines rules - client2 (browser)
> > (ie. apache, php,...) \ .....
> >
> >
> > if your client has direct access to the database, you design is broken...
> >
> > sergio
> >
> >