JDBC from getting started to mastering three

5. Security Considerations

As a language on the network Java must be very safe to consider. Based on the above discussion, we have to consider security issues in the two main uses of JDBC:

* In the Java applications, Java code is local, so it is also "trusted"

* No validated Java applet code can not access local and other network data.

5.1. JDBC and unauthenticated applets

JDBC must first conform to the general security rules of Java. Other than that:

* JDBC must think that the applets is unreliable.

* JDBC does not allow unreliable applets access to local databases.

* A JDBC driver that has been registered to the JDBC DriverManager can only access the data source it comes from.

* An applet can also only access data to the server it download.

If the JDBC driver layer is fully convinced that opening a connection to a database server does not cause authentication or permissions issues (which may be caused by programs running on a random host on the web), it allows the applet to open such a connection.

The database server does not restrict access by IP address is very small, mainly for example. (beware, this passage I may translate!!! Let's look at the original. These restrictions are quite cumbersome. But they are consistent with the restrictions on general applets. We don't need to let go of these restrictions.

5.2. JDBC and Java applications

For a common Java application, such as all Java code rather than an unreliable applet, JDBC will be driven from the local classpath and allow applications to freely access files, remote servers, and so on.

But like applets, if for some reason an unauthenticated sun.sql.Driver class is obtained from a remote source, the driver can only match the code in the same place.

5.3. Driver's responsibility for security

JDBC driver may be used in a variety of situations, so the driver's creator follows certain simple security rules to avoid an illegal database connection by the applet.

If all drivers are downloaded from the web like applets, then these principles will be unnecessary because the common security rules have already been limited.

But the driver must remember that once their drive is successful, the user will install these drivers on the local disk, and the driver will become a trusted part of the Java environment, so it must be assured that it will not be abused by the visiting applets. So we encourage all driver writers to follow a certain security principle.

All of these principles are used when the connection is open. This formal drive and virtual machine Check whether the current caller is really able to connect to the specified database at the moment. Once the connection is established, no more checks are required.