enlightenedby42
Ok, so I have had an internship with a very small software company for about 3 months now. Bear with me here, as I'm new to this stuff and mostly making sure there aren't huge fundamental flaws in my planning here. (this is very long, sorry, but a lot of background to describe the situation was needed)
Until recently, we've dealt exclusively with database-heavy Windows apps for the HR departments of large trucking companies. Some of our customers are wanting simple web applications, and none of us (only 3 people) have ever done much of it before, so I've been tasked to find out the right/wrong ways to go about things. Haven't made it to web server design in school yet, so I'm flying by the seat of my pants here, so again, I apologize for my n00b-ness.
Basically, the first thing we want to get out into the wild is a very, very simple web page that will allow a recruit to enter some information into a form, which will perform a parameterized query based on information gotten from the form, and display the recruit's job application status based on information existing in the database. The customers (and I) don't want to hassle with user registration, logging on and logging off, etc. This will be a one shot deal where you enter two numbers you are given into fields on a form, and information is displayed based on that. Also, when a user checks their status, the time and date they checked will be added to another table associated with that recruit's primary key so recruiters (and we) can get some feedback on whether it's being used.
The thing about this is it needs to be designed in such a way that we can just give the code/html/whatever to a couple of customers so they can host it on their own existing servers and stick it on their own web sites (this is stuff our customers asked for by the way, personally I'm not sure if it will ever be used, but that's business I guess). It's just a free extra we're doing to a.) provide a requested feature to loyal long-term customers for free and b.) break into more web applications, as it is clearly a necessity for the future.
I'm most adept at coding in Java, and have a moderate bit of experience writing servlets to interact with Greasemonkey scripts via the XMLHttpRequest. I'm no pro, but I basically understand what needs to happen on the database end of things (we use Firebird/Interbase stuff, and we've already done a good bit of proof-of-concept stuff as well as designed some general-purpose DB wrapper and helper classes to handle queries and DB connections, so that's not the issue here so much).
So that's the background, and (finally) a few questions. First, is it a fundamentally horrible idea to just have a "one shot" approach where there are no logins or anything of that nature? Adding necessary registration beyond the candidate's already hefty paperwork requirements would probably cause people not to use it. My plan is basically to reuse our current working database wrappers and such, and make a fairly simple JSP that will dynamically display the needed information fetched from the database.
Are there any horrible security flaws with this? Our thinking is if there aren't DB connections remaining open it SHOULD be more or less secure. Also, we are currently using Apache Tomcat (with NetBeans if that matters), and have found all sorts of issues with the server crashing in NetBeans and requiring reboots and stuff...we have tracked some of these issues to the open source JDBC driver (Jaybird) we have to use for Firebird, but is Tomcat as a whole a good tool to handle the back end stuff for something simple like this?
I apologize for the length of the post and probable lack of clarity, but any feedback from old hats at this stuff would be greatly appreciated.
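The lookup described in the post above, sketched as an added example that is not part of the original post or the poster's code: both form numbers are validated as digits, bound as parameters in one query, and each successful check is written to a second table. The class, table and column names (`RECRUIT`, `STATUS_CHECK`, `APPLICATION_NO`, `ACCESS_NO`) are assumptions, and the caller is assumed to supply a JDBC `Connection` to the Firebird database.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.Optional;
import java.util.regex.Pattern;

/** Hypothetical status lookup; table and column names are assumptions. */
public final class StatusLookup {
    // Accept only short digit strings so malformed form input never reaches the database.
    private static final Pattern DIGITS = Pattern.compile("\\d{1,18}");

    static Optional<Long> parseNumber(String raw) {
        if (raw == null || !DIGITS.matcher(raw.trim()).matches()) return Optional.empty();
        return Optional.of(Long.parseLong(raw.trim()));
    }

    /** Empty when input is malformed or no row matches BOTH numbers; callers show one message for both. */
    public static Optional<String> checkStatus(Connection db, String rawA, String rawB)
            throws SQLException {
        Optional<Long> a = parseNumber(rawA), b = parseNumber(rawB);
        if (a.isEmpty() || b.isEmpty()) return Optional.empty();
        String select = "SELECT RECRUIT_ID, APP_STATUS FROM RECRUIT "
                      + "WHERE APPLICATION_NO = ? AND ACCESS_NO = ?";
        String insert = "INSERT INTO STATUS_CHECK (RECRUIT_ID, CHECKED_AT) VALUES (?, ?)";
        try (PreparedStatement q = db.prepareStatement(select)) {
            q.setLong(1, a.get());   // values are bound, never concatenated into the SQL text
            q.setLong(2, b.get());
            try (ResultSet rs = q.executeQuery()) {
                if (!rs.next()) return Optional.empty();
                String status = rs.getString("APP_STATUS");
                // Record the check against the recruit's primary key, as the post describes.
                try (PreparedStatement log = db.prepareStatement(insert)) {
                    log.setLong(1, rs.getLong("RECRUIT_ID"));
                    log.setTimestamp(2, Timestamp.from(Instant.now()));
                    log.executeUpdate();
                }
                return Optional.ofNullable(status);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed form inputs: only the first and last pass validation.
        for (String s : new String[] {"10442", "12a4", "", " 77 "})
            System.out.println("'" + s + "' -> " + parseNumber(s));
    }
}
```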