Java applet for newsletter subscription - security questions

Hi all,

I need to get a user name and email to sign up for a newsletter. I'm using a Java applet for this. Basically just text field input and a subscribe button which calls a server-side PHP file with the user parameters, which then performs the appropriate MySQL actions. No critical code or passwords are inside the Java applet. A couple of questions bothering me . . .

1) Is a Java applet like this vulnerable to robots or other attacks?

2) What should I look out for?

3) Should I be considering a Turing Number with my applet?

4) Can a client's port sniffer get the protocols and then simulate the response and bypass my subscription page?

5) Should I use SSL?

6) Can I ensure that the PHP file only responds to posts from my applet?

7) I'm using a regular expression to validate email address entry - how do I screen for SQL injection? Must I screen for PHP injection?

8) To 100% validate the email address, I'm thinking of sending an email to the user without making a MySQL entry, then if they confirm via the email link, I make the MySQL entry. Is this sound?

Any other advice to get my newsletter subscription nice and tight will be appreciated.
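The flow in question 8 (no database row until the emailed link is clicked) can be done statelessly with an HMAC-signed, expiring token, with the final insert going through a prepared statement as asked about in question 7. This is an added example, not part of the original post; `SECRET`, `TTL`, the function names and the `subscribers` table are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. SECRET is a constructed placeholder; keep the real key server-side only.
const SECRET = 'replace-with-a-long-random-server-side-key';
const TTL = 86400; // confirmation link lifetime in seconds (assumed: 24 hours)

function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Built when the form is submitted; the token goes into the emailed link.
function make_token(string $name, string $email, int $now): string {
    $payload = b64url(json_encode(['n' => $name, 'e' => $email, 'x' => $now + TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SECRET, true));
}

// Returns the signed fields, or null if the token is malformed, forged or expired.
function verify_token(string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SECRET, true));
    if (!hash_equals($expected, $sig)) return null; // constant-time comparison
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['n'], $data['e'], $data['x'])) return null;
    return $data['x'] >= $now ? $data : null;
}

// Called by the confirmation URL; the only place a row is written.
function confirm(PDO $db, string $token, int $now): bool {
    $d = verify_token($token, $now);
    if ($d === null) return false;
    // Values are bound as parameters, never concatenated into the SQL text.
    // "INSERT OR IGNORE" is SQLite syntax; MySQL spells it "INSERT IGNORE".
    $st = $db->prepare('INSERT OR IGNORE INTO subscribers (name, email) VALUES (?, ?)');
    return $st->execute([$d['n'], $d['e']]);
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (name TEXT, email TEXT PRIMARY KEY)');
$now = time();
$token = make_token("O'Brien", 'user@example.com', $now);
var_dump(confirm($db, $token, $now));            // genuine link
var_dump(confirm($db, $token . 'x', $now));      // tampered signature
var_dump(confirm($db, $token, $now + TTL + 1));  // expired link
echo $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn(), " row(s)\n";
```

Because the name and email travel inside the signed token, an unconfirmed signup leaves nothing in the database, and a quote character in the name is stored as data rather than interpreted as SQL.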