Cheat Engine

[sangeli]

tl;dr? see very bottom.

I want to make a better solution to this issue I have been having for a while now. Pretty much, I want a client sided java application to have a better interface with my website. The java application will send and request login information, and retrieve data from mysql databases on the website. The java application also uploads files to the website.

The current method of doing so I have now is pretty sloppy, and its a workaround of how I think it should be. I send and receive data by opening up URL connections to a web page with php code to process the POST data from the java application and echo the responses. This is probably not the best way of client-server communication I am guessing. I have read some server sided application stuff, like the java.mysql package and using cgi scripting, but I have not really found what I need.

Can anyone help?

tl;dr people: How would one send/receive data from a client sided java app to my website, retreiving and processing mysql information along with sending files to the server?

[HomerSexual]

I am not that experienced here, but since you're using java I can give you a possible solution based on a server-client concept I just had to work on.

Basically, you would need to be able to run some sort of app on the server to handle messages. I do't know if you're hosting the server or not, or what people offer these days. You could use Java, c++, rails, whatever it is the idea will be the same...

Set up a connection listener for HTTP requests that the client will send. So say the server contained a table called Table and you wanted to get the Table at row n. HTTP Request: GET "Table\n"

This also goes for posting information (such as a login), that your server would receive.

When i did the proof of concept, we HAD to use this library called JSON (GSON), it's pretty cool. It lets you send Java objects backandforth over the network even if they're private. You could use that for an affective way to send data.

tldr; Listen for HTTP Requests, when the requests are received, parse them and do what they say, either returning a login status, or information.

[atom0s]

All of your MySQL should be done on the website, not the application. Even allowing the application to send actual queries is a security risk, so you will want the application to send the least amount of data when querying the database.

Using HTTP requests or a PHP backend to handle the requests isn't really bad, a lot of sites still use that method. If you want it to be better formatted you could look into using SOAP, or building web services. Just be sure that you plan out your backend to be secure and not 'open' in the sense that expose only what is needed and nothing more.

Be sure to error check all incoming data and be sure to escape any strings to help ensure that anything you use in the queries doesn't attempt to damage your database(s).

A fairly common approach is having your application send a login request, the website will either deny the login with an error or say ok and send back a session key that is valid for your client to communicate with the rest of your backend API. Without that key nothing else works to help ensure the connection isn't malicious and so on.

Client -> Server : api.php?u=test&pass=djgw45hkjgzxd
Server -> Client : 1:lj234h9sdfhjawj345h239478sdgfgq23
Client -> Server : api.php?k=lj234h9sdfhjawj345h239478sdgfgq23&a=getlatestposts
Server -> Client : <xml serialized page of new post data etc. from a form>

Typically something like that to identify the call to other actions saying 'I've logged in already, heres my token to prove it' etc.

I'm not sure if Java has the ability to create web services like C# has for Windows. If it does, you may want to look into that route too.

[sangeli]

ok so it seems like sending GET or POST data to a php page is fine. I have one question about the session key. Do I want to create a session/cookie from the php side that says the current connection is not malicious, or should I store the session key in the mysql database?

[atom0s]

[sangeli]

thanks wiccaan you da best