I've been developing a Java desktop app for some time, and basically what it does is CRUD data in an online MySQL database. My problem now is security: I don't want to hardcode any user information in the client app. I'm thinking of two ways of doing this:
1. Hardcode most of the MySQL statements in the client app and use the server app to transfer user and password information to the client, so the client can connect directly to the database. I don't like that idea because I don't want the user to have any way of getting database credentials.
2. Use a 3-tier architecture. I have the client app almost fully coded and the server running on MySQL; now I need a middle layer to handle all the logical operations, credentials and everything, and to communicate with the client app. For example: if the client app asks for an inventory list, the server checks its credentials and sends the client app a file with all the inventory.
My problem is this:
3rd choice: Web app running all your business logic on the server-side with the user-interface running remotely in a web browser using auto-generated HTML/CSS/JavaScript. The user would be running a web browser rather than your web browser.
In this scenario, the client never touches your database directly nor runs any sensitive code. I think of this as a modern reincarnation of the old X Window System (app on server, UI remotely rendered).
There are two such platforms:
In both of these products, the web browser is used to display the user-interface widgets such as labels, fields, buttons, pop-up menus, lists, and data-grids. When the user uses any of these widgets, an event is raised on the server-side. Your business logic then executes on the server-side. Your business logic and database connections live only on the server. The client gets nothing more than the data to be displayed in forms on screen.
Both of these platforms auto-generate all the HTML, CSS, JavaScript, DOM, AJAX, WebSocket, and Push code. So you need not master those web technologies. Both of these platforms can be used with any modern web browser as they use only standard web technologies. No plugins or applets involved.
You will need to rewrite your app. But this may not be as daunting as it sounds. Most of the work in a desktop app is in the design, working out the details of user experience, and determining business rules. That would all transfer over to your Vaadin or Xojo work. And if using Vaadin, all your non-GUI Java code would be directly transferable.
If your native local app had special features that cannot be recreated within the limitations of a web app, then this approach is not suitable. But you said the main purpose of your app is database CRUD. Such business-style forms-oriented apps are the main purpose for Vaadin & Xojo Web Edition.
Vaadin has early support for Progressive Web Apps (PWA) to enable a web app running offline. Currently bleeding edge, but improving, with browsers already building in support for the necessary infrastructure. If PWA can be made to work well, some kinds of desktop apps could be replaced with a PWA web app.
See the Vaadin Progressive Web App Handbook.
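The property that both the 3-tier option in the question and the server-side approach in this answer depend on is that the database credentials and the SQL exist only on the server, and the client presents its own per-user credential instead. The sketch below is an added example, not code from the question, the answer, Vaadin or Xojo; it uses the JDK's built-in `HttpServer` and assumes MySQL Connector/J on the classpath. The environment variable names, the `inventory` table with its `name`, `quantity` and `owner_id` columns, and the session token are hypothetical.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.*;
import java.util.Map;

public class InventoryService {
    // Hypothetical session store (token -> user id) with one constructed sample entry.
    static final Map<String, Integer> SESSIONS = Map.of("sample-token-1", 42);

    public static void main(String[] args) throws Exception {
        // Loopback only; in production this sits behind TLS.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/inventory", InventoryService::handle);
        server.start();
    }
    // Returns the user id for a valid "Bearer <token>" header, or null.
    static Integer authenticate(String header) {
        if (header == null || !header.startsWith("Bearer ")) return null;
        byte[] presented = header.substring(7).getBytes(StandardCharsets.UTF_8);
        for (Map.Entry<String, Integer> e : SESSIONS.entrySet())
            if (MessageDigest.isEqual(presented, e.getKey().getBytes(StandardCharsets.UTF_8)))
                return e.getValue();
        return null;
    }
    static void handle(HttpExchange ex) throws java.io.IOException {
        Integer userId = authenticate(ex.getRequestHeaders().getFirst("Authorization"));
        if (userId == null) { ex.sendResponseHeaders(401, -1); ex.close(); return; }
        StringBuilder body = new StringBuilder();
        // DB credentials come from the server's environment and never reach the client.
        try (Connection c = DriverManager.getConnection(System.getenv("DB_URL"),
                 System.getenv("DB_USER"), System.getenv("DB_PASSWORD"));
             PreparedStatement ps = c.prepareStatement(
                 "SELECT name, quantity FROM inventory WHERE owner_id = ?")) {
            ps.setInt(1, userId); // row scope is decided server-side, not by the client
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next())
                    body.append(rs.getString(1)).append('\t').append(rs.getInt(2)).append('\n');
            }
        } catch (SQLException e) {
            ex.sendResponseHeaders(500, -1); ex.close(); return; // no DB detail in the response
        }
        byte[] out = body.toString().getBytes(StandardCharsets.UTF_8);
        ex.sendResponseHeaders(200, out.length);
        ex.getResponseBody().write(out);
        ex.close();
    }
}
```

The desktop client then needs only the service URL and the user's own token, so decompiling it yields neither the MySQL account nor the queries.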