Hello,

This is my first post on this forum, because I've so far used hibernate without any blocking problem that'd require me to ask for help.

But this time its different :)

I've read the documentation very widely, without finding what I'm searching for.

Here is the objective : I want my Java application that uses hibernate to generate the SQL queries only, and sends that resulting query to another application server ( let's say a PHP page for example ).

Then my PHP page could check if the query is allowed for that user, and it would simply execute the query on the database.

The advantage of this system, is that users of my java application can't fake the queries to do anything they want, and they would never have a clue about how to connect to the database.

The problems :

1) I don't know how to tell hibernate that it should send the query to a page through HTTP protocol as a post variable for exemple. I don't even know if it's possible, or if I need to make some kind of weird query catching system.

2) I don't know how my page ( let's say a PHP page, but it could be anything else ) has to format the return message so that hibernate can catch it and interpret the result.

3) I don't know how to catch the returning results from my PHP page with hibernate.

Any help would be _greatly_ appreciated ! :-)

Cheers.

weird requirement but the best way i can think of is that you write an implementation of java.sql.Connection that does the magic.

This is the most interesting application design I've ever seen. Amazing...

I'll take a look about this suggestion, thank you for your answer :)



I guess you are being ironic, but I haven't figured out a better system to make my application meet those requirements :

- Multi SGBDR capable. Hibernate offers that.
- Secure to the point that nobody could fake queries ( I don't have a J2EE Server for this application, it's an heavy client application, and I know that somebody with some knowledge of internals could decompile and make the program make any query he wants ) With this system, the person doesnt know the database location, and doesn't have an hand on the server side code, which could make all the verifications, including authentification identification, and rights management.
- That my application could be installed in a classic PHP/MySQL server, or any variant, for exemple PHP/PostGreSQL or other.

If you have a better idea, I'd be thankfull :)

Security can not be created by obscurity. You need a system based on stored procedures and/or tight permissions on the database server, that's all. No layer of complexity you add in front of this is going to change this fact.

I totally agree with you about that, but the goal of my application is to allow the final user to install it easily on its own "hosting space", whether it's a php or an asp webspace has to be transparent for the user. The database type has to be transparent as well.

Ideally, my user would do those steps :

INSTALLATION :
1) Download the application named "Installation" of my application, which is an heavy client.
2) Use that heavy client to connect to the database, and in that heavy client, inform about what kind of database is used, about the ip/host, login and password to it. Also inform about what kind of web scripting is used ( let's say PHP ).
3) Click the install button, and my "Installation" heavy client would create all the needed tables for my application. Those tables are the ones mapped in hibernate.
4) My "Installation" application would also create a page ( coded in the language of the web scripting language chosen in step 2 ) with the required login/pass and ip infos. Let's name that page "myapplication.php".
5) Final step to finish the installation is to upload that page.

EXPLOITATION :
1) Download the application named "Client" of my application, which is an heavy client.
2) Simply connect with it to the "myapplication.php" url. Use a login/pass for administering rights. Only the URL matters here, unlike the "Installation" part. All queries are done with hibernate generating the right SQL and there is no information on the client about _how_ to connect to the database, or even _where_ the database could be.

An important thing to note is that I plan on making my "Client" application able to connect to multiple servers. Let's say you can provide as many URLs as you wish, by a "Favorites" like system.

I hope my goal is clearer like this, and that you understand my concern about making my application communicate though a "layer" coded in another language than Java.

If you can give me a hint, or whatever, I'll gladly take it ! I will already check about what I can do with implementing a java.sql.Connection, but I guess I'd have to learn a lot about Hibernate internals to make it work..

Oh and I didn't make it clear on my post : the Installation application is _ONLY_ used by the server administrator, after that, people who would want to use that service, would only need to download the "Client" application, and find the URLs of the service :)

I'll make this message go up only once, no worries.
If you have any idea that could help, specially if you eventually had to manage something similar, please give me some hints.

Thanks in advance :)