|
How many times do I have to repeat this: "Don't put passwords in your programs."? If a function needs a password (or any secure information) then you should always ask the user for it. That is the only way to ensure the security and integrity of your system.
I must get a clever new signature for 2011.
|
|
|
|
|
Alok sharma ji wrote: what about small client apps with ms-access or mysql, also i have obfuscated my code but still an encryption will be good, although there is no guaranty of 100% security of code, i still wants to manage as much as i can.
That doesn't tell me anything.
For example say you want to write an app that plays mp3s and keeps user information about them. That would be a "small client app" and it it absolutely pointless to worry about security in that case.
Or perhaps you are writing a custom viewer for a database in a credit card processing center. In that case look into using a database protocol (connection) that doesn't require a user at all - the user credentials of the user using the app is used automatically.
Or you write a multiplayer game the communicates with a server - then you shouldn't have database code in the client app at all. Rather it should be in the server app only.
The other suggestion about the user typing a password can be useful too. However you must then consider what happens if the user forgets the password. Or, for a small business app, what if the the only employee with the password dies or is fired? The specifics of the business must dictate if you have a way to fix that problem or if you insist that the business is responsible for that themselves.
There are some simple tricks which might be suitable. One is to break the password into pieces (two strings) and separate from the connection string. Another is to do a simple encryption of the password. Put the encrypted value in the code and then decrypt for usage. It isn't secure from anyone that can code but it does prevent the casual explorer from finding it.
Finally note that the password provides access to the database. It doesn't protect the data in the database itself. To do that you must encrypt the data itself.
|
|
|
|
|
thanks for the info, i was really worried about db and the data in it.
|
|
|
|
|
|
I don't see any Java code here; is this really a Java question?
I must get a clever new signature for 2011.
|
|
|
|
|
try without / and cannot say much without true code snipptes........
|
|
|
|
|
this is what i have...
and what is relevant to my query....
The only problem i am having is the action attribute, rest everything is fine....
If requires, please tell me what code snippets i should provide more...
modified 6-Jun-21 21:01pm.
|
|
|
|
|
Hey!
I'm trying to refactor some code, bringing some style in.
I stumbled over an expression I can not explain at all:
if ((aParent == null) || ((parent = this.getParent(aParent.getLabel())) == null)) {
}
else{
}
can anyone explain this? I tried to cahnge it 3 times, but failed totally
regards
Torsten
I never finish anyth...
|
|
|
|
|
Does this do it?
parent = null;
if (aParent != null)
parent = this.getParent(aParent.getLabel());
if (aParent == null || parent == null) {
}
else{
}
I must get a clever new signature for 2011.
|
|
|
|
|
right - this was also my first thought. However - this is not functional.
I also tried some other variations (invert it, bias variable parent, ...) - all failed.
the problem I'm facing here might be completely on another class - who knows
Strange little bit of codestyle warning - but not my biggest problem on the project.
regards
Torsten
I never finish anyth...
|
|
|
|
|
Message Closed
modified 21-Nov-20 21:01pm.
|
|
|
|
|
this doesn't make any difference. parent is null - no matter if it is set to null or not initialized at all.
Imho it's just a question of style and code reliability, more important on values like String or some number values.
Anyway, I have some more bugs in the code, need to add something like a "architecture" (I'm scared of that working package since I took over the project and brought the point up...) and - first topic on list - is to push out a deployment for the customer.
I'll let you all know how I massacred this little piece of code when I head back to that one.
regards
Torsten
I never finish anyth...
|
|
|
|
|
TorstenH. wrote: this doesn't make any difference. parent is null - no matter if it is set to null or not initialized at all.
Not quite; there is a difference between an uninitialised object and one that is explicitly set to null .
I must get a clever new signature for 2011.
|
|
|
|
|
Oh come on - that was way back when hamsters wheels where needed to get the machine started!!
The JVM takes care of not initialized stuff. It sets every not initialized object to null, every boolean to false, ...
Object Initialization in Java[^]
regards
Torsten
I never finish anyth...
|
|
|
|
|
Really? My java compiler does not seem to have read that article:
C:\Users\Richard\Documents\eclipse>javac BaseTest.java
BaseTest.java:16: variable parent might not have been initialized
if (aParent == null || parent == null) {
^
1 error
I must get a clever new signature for 2011.
|
|
|
|
|
yeah - and then I realized how time flew by. I updated my runtime from V1.0 to V6 and got aware of the eclipse project...
regards
Torsten
I never finish anyth...
|
|
|
|
|
TorstenH. wrote: The JVM takes care of not initialized stuff. It sets every not initialized object to null, every boolean to false, ...
No it doesn't.
It provides a default initialization for class member variables.
That is not the case for local variables. The compiler is responsible for flagging uninitialized locals as errors.
|
|
|
|
|
TorstenH. wrote: However - this is not functional.
Strang,e it works fine for me; perhaps there is something else that you have not explained.
I must get a clever new signature for 2011.
|
|
|
|
|
|
|
The message is reasonably clear; the HTTP server encountered an error which is recorded in the server logs.
I must get a clever new signature for 2011.
|
|
|
|
|
Hi All
I use adb command for install .apk file in java,it's run successfully and install in android phone.Now i want to start application automatically when application is install successfully.Please help me
|
|
|
|
|
I have a reporting application pulls in data via a JDBC connection and fills my report. It can use any standard JDBC driver that supports Prepared Statements. I now have the need to query XML files directly. Does anyone have any suggestions on a JDBC driver that will read an XML File? What I am looking for is an XML equivalent to CSVJDBC.
So far I have found two options that don't fit my situation very well.
StelsXML - Looks promising but this project currently has no budget.
Ashpool - Open source license. Looks abandon and still has major issues.
|
|
|
|
|
Zig158 wrote: I now have the need to query XML files directly.
There are of course ways to extract information from XML data which have nothing to do with JDBC.
|
|
|
|
|
Yes I could extract the XML data to a database and then query it from there. I am trying to avoid this because it will require changes to the process that I do not control. The goal is the load the XML file like a table the same way CSVJDBC lets you load a CSV file like a table.
|
|
|
|