----- Original Message -----
Sent: Tuesday, July 13, 1999 12:25
AM
Subject: RE2: Servlet Applet
Communication
Hi
Andy,
If I
use trusted applet to read file from local directory of server and servlet
will write into this file everytime username and password are written into
this file?? Will this create any problem??
Thanks for your previous reply.
regards,
Nitin
Hi Nitin
You don't need a trusted applet to read files
from the web server from where the applet was loaded from. Reading and writing
files
asynchronously with other objects (in this case
your servlet and your applet) can cause problems.
There are also security problems associated with
this method as well. When dealing with user verification I would use the
applet
to send an encoded version of both username and
password to a servlet which decodes and verifies them. Some form of
persistent
store can be used safely (a database is your best
bet for this) so that a) your password file is not visible to the web directly
b)
you don't have an applet using a file that may be
being written to at the time the file is being read c) you minimise traffic on
the server and
last but by no means least you can dedicate a
servlet to the task of user verification.
Having said that I am not totally sure what it is
you wish to achieve.
Andy Bailey
