问题描述
我最近变得我的爱好Java项目嵌入到页面,但现在我有一些安全问题。
I've recently gotten my hobby java project embedded into a page thanks to this very site, but now I'm having some security issues.
我有包括:
import java.sql.*;
和行:
Class.forName("com.mysql.jdbc.Driver").newInstance();
,以及在我的src目录下一个mysql .jar文件,它从控制台的工作原理,并在小程序正常工作从applet - 直到我的code,它的forName()行,它抛出例外:
as well as a mysql .jar file in my src directory, it works from the console, and in the applet works fine from the applet - up until that forName() line in my code, where it throws the exception:
Exception: com.mysql.jdbc.Driverjava.lang.ClassNotFoundException: com.mysql.jdbc.Driver
java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.-1)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkExit(Unknown Source)
at java.lang.Runtime.exit(Unknown Source)
at java.lang.System.exit(Unknown Source)
at applet.Database.connectDB(Database.java:80)
etc...
我想我可能是能够与client.policy文件修复它,否则我可能需要写它采用服务器 - 客户端的网络连接从服务器端来查询一个抽象层...
I think I may be able to fix it with a client.policy file, otherwise I might need to write an abstraction layer which uses a server-client network connection to query from the server-side...
我敢肯定,在Java大师们在这里大概知道它的最好方式。
I'm sure the Java gurus here probably know the best way about it.
推荐答案
我觉得安全异常实际上是在你的小应用程序System.exit()调用,之后的Class.forName()。一般来说,你不允许调用System.exit()在未签名的Applet,因为它关闭整个JVM下来。你检查,如果线80实际上是的Class.forName()行,还是行80有某种异常处理的它试图调用System.exit()如果司机不加载?
I think the security exception is actually from a System.exit() call in your applet, after the Class.forName(). Generally you are not allowed to call System.exit() in unsigned applets as it shuts the whole JVM down. Have you checked if line 80 is actually the Class.forName() line, or does line 80 have some kind of exception handler which tries to call System.exit() if the driver does not load?
总之,以加载mysql的jar文件在你的小应用程序,你需要把它列入像这样的存档属性:
Anyway, in order to load the mysql jar file in your applet, you need to include it in an ARCHIVE attribute like this:
<APPLET ARCHIVE="mysql.jar" CODEBASE="./src/" ...
一旦你过去这个阶段,你仍然需要在同一IP号/主机名作为Web服务器来承载MySQL服务器,并打开它所有谁可以访问您的小程序同样的人。正如托尼说,这不是人们通常如何做到这一点,出于安全原因。最好编写服务器端的东西,如果你有应用服务器的控制权,并使用XML或其他一些数据交换的方法来获取数据到小程序。当然,如果你只是实验,以了解小程序,那么它可能罚款 - 但千万注意保持MySQL的防火墙如果可能的话后面
Once you get past this stage, you will still need to host the mysql server at the same IP number/hostname as the webserver, and open it to all the same people who can access your applet. As Tony said, this isn't how people normally do it, for security reasons. Better to write something on the server side, if you have control of the app server, and use XML or some other data exchange method to get the data out to the applet. Of course if you are just experimenting to learn about applets, then it's probably fine - but do take care to keep mysql behind your firewall if possible.
这篇关于怎样使我的Java小程序使用MySQL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!