encrypt/decrypt the String - or add some obfuscation to the complete code - that's probably the best solution.
regards
Torsten
I never finish anyth...
Encrypting the string will do fine, but how do I achieve it in Java code? I am more .NET friendly than Java.
Regards
Alok sharma
I am not sure how much information you have in your code but from your comments it would suggest it includes a password. In such cases you should not include this information in the class but add it at run time from input by the user.
I must get a clever new signature for 2011.
Yes, actually the password/user name is there in my .class file for the dbconnection; that's what I want to hide.
Regards
Alok sharma
modified on Friday, February 4, 2011 7:48 AM
This is still the wrong way to do it since anyone can then run your program and get access. As I said before you should obtain this information from the user and then add it to the string to connect to the database; so if the user does not know the password then access to your code will be of no use.
I must get a clever new signature for 2011.
Alok sharma ji wrote: any suggestions...
You start by actually defining the problem domain.
For example is this a server application or a client app?
Is the server app installed on a server that isn't secure?
If it is secure then what is your concern about access to the server app?
What happens if I get on the machine running this and reverse your class and then replace it with one of my own. So after you unencrypt it my class writes it out to the hard drive for me?
What database do you use? MS SQL Server has a user authentication mode - no password. Pretty sure Oracle does as well.
What about small client apps with MS Access or MySQL? Also, I have obfuscated my code, but encryption would still be good. Although there is no guarantee of 100% security of code, I still want to manage as much as I can.
Regards
Alok sharma
How many times do I have to repeat this: "Don't put passwords in your programs."? If a function needs a password (or any secure information) then you should always ask the user for it. That is the only way to ensure the security and integrity of your system.
I must get a clever new signature for 2011.
Alok sharma ji wrote: What about small client apps with MS Access or MySQL? Also, I have obfuscated my code, but encryption would still be good. Although there is no guarantee of 100% security of code, I still want to manage as much as I can.
That doesn't tell me anything.
For example say you want to write an app that plays mp3s and keeps user information about them. That would be a "small client app" and it is absolutely pointless to worry about security in that case.
Or perhaps you are writing a custom viewer for a database in a credit card processing center. In that case look into using a database protocol (connection) that doesn't require a user at all - the user credentials of the user using the app are used automatically.
Or you write a multiplayer game that communicates with a server - then you shouldn't have database code in the client app at all. Rather it should be in the server app only.
The other suggestion about the user typing a password can be useful too. However you must then consider what happens if the user forgets the password. Or, for a small business app, what if the only employee with the password dies or is fired? The specifics of the business must dictate if you have a way to fix that problem or if you insist that the business is responsible for that themselves.
There are some simple tricks which might be suitable. One is to break the password into pieces (two strings) and separate from the connection string. Another is to do a simple encryption of the password. Put the encrypted value in the code and then decrypt for usage. It isn't secure from anyone that can code but it does prevent the casual explorer from finding it.
Finally note that the password provides access to the database. It doesn't protect the data in the database itself. To do that you must encrypt the data itself.
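
The run-time prompt suggested in this thread, as an added example that is not part of any poster's message: the class file contains no user name or password, and the program refuses to run when it cannot prompt without echo. The JDBC URL and the class name are placeholders assumed for illustration.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Properties;

public class PromptedDbLogin {
    // Placeholder URL (assumption); no user name or password is compiled into the class.
    static final String JDBC_URL = "jdbc:mysql://db.example.invalid:3306/appdb";

    /** Builds the connection properties from values supplied at run time. */
    static Properties credentials(String user, char[] password) {
        Properties props = new Properties();
        props.setProperty("user", user);
        // JDBC only accepts a String here, so this copy lives until garbage collected.
        props.setProperty("password", new String(password));
        return props;
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            // No interactive terminal (IDE, piped input): refuse rather than fall
            // back to a built-in default or echo the password on screen.
            System.err.println("No console available; run from a terminal.");
            System.exit(1);
        }
        String user = console.readLine("DB user: ");
        char[] password = console.readPassword("DB password: "); // not echoed
        if (user == null || password == null) {
            System.err.println("Input closed before credentials were entered.");
            System.exit(1);
        }
        Properties props = credentials(user, password);
        Arrays.fill(password, '\0'); // wipe our copy as soon as it is no longer needed
        try (Connection conn = DriverManager.getConnection(JDBC_URL, props)) {
            System.out.println("Connected as " + user);
        } catch (SQLException e) {
            // Report the failure without printing the properties or the password.
            System.err.println("Connection failed: " + e.getSQLState());
        } finally {
            props.remove("password");
        }
    }
}
```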
thanks for the info, i was really worried about db and the data in it.
I don't see any Java code here; is this really a Java question?
I must get a clever new signature for 2011.
try without / and cannot say much without true code snippets...
this is what i have...
and what is relevant to my query....
The only problem i am having is the action attribute, rest everything is fine....
If required, please tell me what more code snippets I should provide...
modified 6-Jun-21 21:01pm.
Hey!
I'm trying to refactor some code, bringing some style in.
I stumbled over an expression I can not explain at all:
if ((aParent == null) || ((parent = this.getParent(aParent.getLabel())) == null)) {
}
else{
}
Can anyone explain this? I tried to change it 3 times, but failed totally.
regards
Torsten
I never finish anyth...
Does this do it?
parent = null;
if (aParent != null)
    parent = this.getParent(aParent.getLabel());
if (aParent == null || parent == null) {
}
else {
}
I must get a clever new signature for 2011.
right - this was also my first thought. However - this is not functional.
I also tried some other variations (invert it, bias variable parent, ...) - all failed.
the problem I'm facing here might be completely on another class - who knows
Strange little bit of codestyle warning - but not my biggest problem on the project.
regards
Torsten
I never finish anyth...
Message Closed
modified 21-Nov-20 21:01pm.
this doesn't make any difference. parent is null - no matter if it is set to null or not initialized at all.
Imho it's just a question of style and code reliability, more important on values like String or some number values.
Anyway, I have some more bugs in the code, need to add something like a "architecture" (I'm scared of that working package since I took over the project and brought the point up...) and - first topic on list - is to push out a deployment for the customer.
I'll let you all know how I massacred this little piece of code when I head back to that one.
regards
Torsten
I never finish anyth...
TorstenH. wrote: this doesn't make any difference. parent is null - no matter if it is set to null or not initialized at all.
Not quite; there is a difference between an uninitialised object and one that is explicitly set to null.
I must get a clever new signature for 2011.
Oh come on - that was way back when hamster wheels were needed to get the machine started!!
The JVM takes care of not initialized stuff. It sets every not initialized object to null, every boolean to false, ...
Object Initialization in Java
regards
Torsten
I never finish anyth...
Really? My java compiler does not seem to have read that article:
C:\Users\Richard\Documents\eclipse>javac BaseTest.java
BaseTest.java:16: variable parent might not have been initialized
if (aParent == null || parent == null) {
^
1 error
I must get a clever new signature for 2011.
yeah - and then I realized how time flew by. I updated my runtime from V1.0 to V6 and got aware of the eclipse project...
regards
Torsten
I never finish anyth...
TorstenH. wrote: The JVM takes care of not initialized stuff. It sets every not initialized object to null, every boolean to false, ...
No it doesn't.
It provides a default initialization for class member variables.
That is not the case for local variables. The compiler is responsible for flagging uninitialized locals as errors.
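
The expression asked about earlier in this thread, next to an explicit refactoring, as an added example that is not any poster's code. `Node`, the `cached` field and the body of `getParent` are hypothetical stand-ins; only `getLabel()` and the condition itself come from the thread. It runs both forms over the three possible cases and shows the field/local difference described above.

```java
public class ConditionRefactor {
    // Hypothetical stand-in for the poster's class; only getLabel() is from the thread.
    static class Node {
        final String label;
        Node(String label) { this.label = label; }
        String getLabel() { return label; }
    }

    Node cached; // field: default-initialized to null by the JVM

    // Hypothetical lookup: knows only the label "root".
    Node getParent(String label) {
        return "root".equals(label) ? new Node("parent-of-root") : null;
    }

    // Original form: the assignment runs only when aParent != null, because ||
    // short-circuits. That is also what keeps aParent.getLabel() from throwing.
    boolean original(Node aParent) {
        Node parent;
        if ((aParent == null) || ((parent = this.getParent(aParent.getLabel())) == null)) {
            return false; // "if" branch
        } else {
            return parent != null; // "else" branch: parent is definitely assigned here
        }
    }

    // Refactored form: a local has no default value, so it must be assigned
    // explicitly before it is read, otherwise javac rejects the method.
    boolean refactored(Node aParent) {
        Node parent = null;
        if (aParent != null) {
            parent = this.getParent(aParent.getLabel());
        }
        return parent != null; // true means the "else" branch would run
    }

    public static void main(String[] args) {
        ConditionRefactor c = new ConditionRefactor();
        Node[] cases = { null, new Node("orphan"), new Node("root") };
        for (Node n : cases) {
            boolean a = c.original(n), b = c.refactored(n);
            if (a != b) throw new AssertionError("forms disagree");
            System.out.println((n == null ? "null" : n.getLabel()) + " -> else branch: " + a);
        }
        System.out.println("unassigned field: " + c.cached);
    }
}
```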