How do I allow my Java applet to use MySQL?

Posted 2024-07-07 02:29:18 · Word count 1134 · Views 9 · Comments 0

I've recently gotten my hobby java project embedded into a page thanks to this very site, but now I'm having some security issues.

I have the include:

    import java.sql.*;

and the line:

    Class.forName("com.mysql.jdbc.Driver").newInstance();

as well as a mysql .jar file in my src directory, it works from the console, and in the applet works fine from the applet - up until that forName() line in my code, where it throws the exception:

    Exception: com.mysql.jdbc.Driverjava.lang.ClassNotFoundException: com.mysql.jdbc.Driver
    java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.-1)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkExit(Unknown Source)
    at java.lang.Runtime.exit(Unknown Source)
    at java.lang.System.exit(Unknown Source)
    at applet.Database.connectDB(Database.java:80)
    etc...

I think I may be able to fix it with a client.policy file, otherwise I might need to write an abstraction layer which uses a server-client network connection to query from the server-side...

I'm sure the Java gurus here probably know the best way about it.


Comments (6)

夏末的微笑 2024-07-14 02:29:18

I think the security exception is actually from a System.exit() call in your applet, after the Class.forName(). Generally you are not allowed to call System.exit() in unsigned applets as it shuts the whole JVM down. Have you checked if line 80 is actually the Class.forName() line, or does line 80 have some kind of exception handler which tries to call System.exit() if the driver does not load?

Anyway, in order to load the mysql jar file in your applet, you need to include it in an ARCHIVE attribute like this:

    <APPLET ARCHIVE="mysql.jar" CODEBASE="./src/" ...

Once you get past this stage, you will still need to host the mysql server at the same IP number/hostname as the webserver, and open it to all the same people who can access your applet. As Tony said, this isn't how people normally do it, for security reasons. Better to write something on the server side, if you have control of the app server, and use XML or some other data exchange method to get the data out to the applet. Of course if you are just experimenting to learn about applets, then it's probably fine - but do take care to keep mysql behind your firewall if possible.

第几種人 2024-07-14 02:29:18

If you're trying to use a JDBC driver from the applet, then the applet needs to be signed with a certificate, and your server needs to deliver this certificate when the applet is loaded on the client side.

哭了丶谁疼 2024-07-14 02:29:18

The accepted way to do this is to make HTTP requests for data from the server from which the applet was loaded, and run the queries from the server. JSON or XML are good ways to exchange data between the applet and the server (similar to the way you do an AJAX application, sending XML or JSON between the browser and the server).
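
The server-side approach described in this answer, as an added example that is not part of the original post: a small HTTP endpoint runs one fixed, parameterized query and returns JSON, so the database credentials and the JDBC driver stay on the server. The table `scores`, its columns, the `/scores` path, port 8080 and the `DB_URL`/`DB_USER`/`DB_PASS` environment variables are assumptions for illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.sql.*;

// Added example. Hypothetical names: table "scores" (player, points), path "/scores",
// port 8080, env vars DB_URL / DB_USER / DB_PASS. The MySQL jar is on the server only.
public class ScoreFacade {
    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
        server.createContext("/scores", ScoreFacade::handle);
        server.start();
    }

    static void handle(HttpExchange ex) throws IOException {
        String q = ex.getRequestURI().getQuery();   // expected form: player=<name>
        String player = (q != null && q.startsWith("player=")) ? q.substring(7) : "";
        // Allow-list the only client-controlled value before it is used anywhere.
        if (!player.matches("[A-Za-z0-9_]{1,32}")) {
            reply(ex, 400, "{\"error\":\"bad player\"}");
            return;
        }
        try (Connection c = DriverManager.getConnection(System.getenv("DB_URL"),
                 System.getenv("DB_USER"), System.getenv("DB_PASS"));
             PreparedStatement ps = c.prepareStatement(
                 "SELECT points FROM scores WHERE player = ?")) {
            ps.setString(1, player);                // bound parameter, no concatenation
            try (ResultSet rs = ps.executeQuery()) {
                boolean found = rs.next();
                reply(ex, found ? 200 : 404, found
                    ? "{\"player\":\"" + player + "\",\"points\":" + rs.getInt(1) + "}"
                    : "{\"error\":\"not found\"}");
            }
        } catch (SQLException e) {
            e.printStackTrace();                    // details stay in the server log
            reply(ex, 500, "{\"error\":\"server error\"}");
        }
    }

    static void reply(HttpExchange ex, int status, String json) throws IOException {
        byte[] body = json.getBytes(StandardCharsets.UTF_8);
        ex.getResponseHeaders().set("Content-Type", "application/json");
        ex.sendResponseHeaders(status, body.length);
        try (OutputStream os = ex.getResponseBody()) { os.write(body); }
    }
}
```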

失去的东西太少 2024-07-14 02:29:18

As mentioned in one of the other answers (@Leigh Caldwell), I would strongly recommend not doing things this way. If your applet has access to MySQL then so does everyone else in the world. Decompilation is so trivial these days that it would only be a moment's work for an industrious hacker to get the applet credentials to the database. Also, MySQL's user/pass authentication is fairly weak, most of its security is IP-based. By opening it up to the world, you're throwing away your first line of defense.

A better approach would be to build some sort of frontend protocol on the server side (XMLRPC would be a good foundation and easy to use). If the applet absolutely needs access to a database, your best bet would be HSQLDB in memory. This doesn't require any file permissions and can be run completely in-sandbox. The local in memory database could be synchronized with the server as necessary using the aforementioned XMLRPC facade.

岁吢 2024-07-14 02:29:18

Try getting rid of the newInstance() part. I think just having the Class.forName() does it for loading the driver.

ヤ经典坏疍 2024-07-14 02:29:18

The exception tells you that the applet has been unable to load the driver class. Your applet needs to download the jar containing the class at runtime, via HTTP, so you must have the jar (mysql.jar or whatever it is called) available on the webserver.

Once you solve this problem the user will have to allow the applet permissions so that it can make a TCP socket connection to the mysql db server. They will be prompted with a dialog box...
