
I am building a Java chat application based on Java Secure Sockets and JavaFX, and I use a Derby database on the server side to record the members.

My question is: how do I make a secure connection between the client-side applet and the server side, instead of a direct connection from the client side to the remote database on the server side?

I had an idea to use a servlet as a remote API, call it from the client side, and tell it which command to run on the remote database on the server.

Is this method safe and secure? I am worried that bad people may try to fetch the API URL, call it in a bad way, and add wrong records to the database without needing to log in to the client-side application, and try to hack the database. So how do I secure myself against this? Note that the client-side application may be installed on many computers, so don't tell me to secure the API by restricting which remote IPs are able to connect to the API :)

And if there are any other, more secure methods, please tell me.

Thank you,

Jason4Ever

1 Answer

Your application seems to be a good candidate for a standard three-tier architecture. Using servlets as a proxy between your client and the DB is a good and widely used approach. Among other benefits, it allows you to use a higher-level transport (HTTP) instead of dealing with sockets. You can create a simple REST API to handle client requests and call it from your client. I believe it will also make the client code simpler.

Is this method Safe and Secure?

Yes. You can use HTTPS for traffic encryption and HTTP basic authentication to protect against unauthorized calls to your service. These security features are part of the servlet specification. Alternatively, you can use other frameworks (like Spring) for this.

kkamenev
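An added example, not part of the original answer, of the servlet-specification features it mentions: the container refuses any call that is not authenticated and sent over HTTPS, and the servlet exposes one fixed, parameterized insert instead of accepting database commands from the client. Assumptions: the `javax.servlet` API, a role named `member`, a JNDI DataSource `jdbc/chatdb` for Derby, a `messages` table, and a `web.xml` whose `<login-config>` sets `<auth-method>BASIC</auth-method>`.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

// Container-enforced: the caller must be authenticated, hold the (assumed)
// "member" role, and use TLS (CONFIDENTIAL) before doPost is ever invoked.
@WebServlet("/api/messages")
@ServletSecurity(@HttpConstraint(rolesAllowed = "member",
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class MessageServlet extends HttpServlet {

    @Resource(name = "jdbc/chatdb") // assumed JNDI name of the Derby DataSource
    private DataSource dataSource;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String body = req.getParameter("body");
        if (body == null || body.isEmpty() || body.length() > 2000) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid message body");
            return;
        }
        // The sender is the authenticated principal, never a client-supplied field.
        String sender = req.getRemoteUser();
        // One fixed operation: the client sends data, not SQL.
        String sql = "INSERT INTO messages (sender, body) VALUES (?, ?)";
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, sender);
            ps.setString(2, body);
            ps.executeUpdate();
            resp.setStatus(HttpServletResponse.SC_CREATED);
        } catch (SQLException e) {
            log("insert failed", e); // details stay in the server log
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```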