Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last month.
Improve this question
Account is new but I've been reading on this website for years and I now need some advice.
Still pretty new at Java and I am developing a desktop application that deals with personal information relating to the user but also their social circles.
What would be the best option to keep these info safe? I am not considering external DB (like MySql which I am using so far for my beta) as it means potential users would have to install and configure some other softwares, also not considering serialization as I don't really like the idea of an external txt file (please correct me if I am wrong about any of these two points).
Is there a way to directly store info in the application? Could someone please give me some perspective on the matter and recommend leads?
(And sorry if a previous thread covers my concerns, I did not find it!)
Thanks a lot in advance!
Good night, evening, day or morning!
Modern OS design and security principles strongly dictate that an app should not have write access to itself. There are real hacky ways (complex, hard to write, most libraries don't work well with it, and fragile, in that it'll easily break on some systems) to write into your own jar, but it's a bad design in any case, let alone when you take into account that complex and fragile.
You can't reasonably encrypt anything (because the password will have to be inside the app) unless the user has to enter the decryption password as they start your app / open your 'storage file' if it's a multi-document kind of deal, in which case, by all means, do that.
h2 is an all-java database engine, no need for the user to install separate anything, it produces a single file with the data. It's that or handroll your own serialization to a separate file in the user's home or ~/Documents or whatnot. You'll have to hardcode for each major OS the right location if you don't just want to 'write to .myapp.bin in the home dir of the user' which you can easily do via System.getProperty("user.home").
So, yes, you are wrong on both points:
DB/SQL is fine - there is no need to force the user to install a separate library. sqlite can do it (but this does involve DLLs and the like; sqlite JDBC driver takes care of this), but I'd recommend h2database.com for this purpose.
It will be a file. It won't be a txt file. This is good.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I write a service which stores millions files (20-30mb file) on a disk and I need to write a search function to find a file by name (there is no need to search file content) or view files in explorer (for example, navigate in browser as a folder structure). I want to make it fast, reliable and simple in Java. Say, I plan to run two services both of which can be used to upload a file or search files by name pattern. What will be the best technology/approach to use to implement this? Store a file on a disk as well as the path and name in the database, search against the database and fetch findings by path from the database? Any other good ideas? I thought about elasticsearch but looks like a heavy solution.
This question is too broad and rather not in a format of SO (concrete programming questions mostly with code snippets that try to address a concrete technical difficulty given the set of technologies).
There are many ways to fulfill your requirements. Yet, based solely on the information presented in your question, its impossible to recommend something because we don't really know your requirements. I'll explain:
I plan to run two services both of which can be used to upload a file or search files by name pattern.
Does this mean that the file system has to be distributed?
If so, consider Cloud solutions style aws's S3.
If you can't run in the cloud, here you can find a comprehensive list of distributed filesystems.
Elasticsearch can also work of course as a search engine, but its more a full fledged search engine, so looks like an overkill for me in this case.
You might want to work directly with lucene so that you won't need to run an additional process that also might fail (ES is built on top of lucene). Lucene will store its index directly on the filesystem, again if it meets the requirements.
Now you're talking also about the database - again a possible direction especially if you're already have one in your project. In general relational database management servers have some support of searching but there are more advanced solutions: in PostgreSQL for example you have a GIN index (inverted index) again the same concepts for full text search that go way beyond standard's SQL's LIKE Operator.
Yet another idea: go with a local disk. If you're on linux there is an indexing utility called "locate" that you can delegate the index creation to.
So the choice is yours.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I want local store some user (username,password) on disk and in the next step maybe informations about the user(birthday,gender,...).
I work whith Eclipse and use Java as language.
There should be local file with a structure for storage.I also can use a txt-file and storage the informations like this:
username1,pasword1;username2,password2;
But this is not good if you want add more informations.
Some criteria which guillaume girod-vitouchkina assumed (thank you!)
The data:
is stored local on a single pc
is used just for the login
is not used other programs
is going to be read at the start of the program
should be not modify by other people
is not used for server-stuff
I googled a bit and found out that XML,JSON might be a possible solution but not sure which one is typical format used in a Java projects for this kind of stuff.
Thanks :)
There is no typical data storage type, there are several designs and tools.
And Java can use almost every kind of storage, using wrappers or gateways if needed.
When I see your datas, it is like a directory, with confidential datas (password). Nowadays, nobody stores passwords in clear !
But as usual, it depends on what you want to do:
you want to store, yes, but do you want to read your datas: by who, by what program, frequently or not ?
is it critical datas ? can you lose them ?
do you change them regularly, or never ?
if you change them, do you want to keep old datas, or traces of changes ?
everybody can see your datas ? everybody can modify them, can delete them ? What about security ?
what kind of architecture do you have ? a single PC, a server, local ? Is it for a web app ?
after that, you can think about format, locale, ...
After all, you can put them in a file like you do, of course, or enhance it a little or a lot.
Hope it helps.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I need to submit some software to the university I attend and this software must be runnable from a storage device. The software was designed with an MVC architectural structure and was implemented using Java for the frontend and MySQL CE for the backend.
The bulk of my experience has been with front-end java development in Eclipse so I am quite uncertain about how to go about deployment when there is a database involved. This is actually the first 'real' application ive written which involves a database and my first attempt at implementing the the MVC pattern.
Im only a student at this point so please bear with me. This is what I know:
I can compress my java files into a jar and deploy it no problem (this I have done before)
To get this program to work I had to include a MySQL connector so this must be provided but it seems like this will all be part of the compressed jar (I obviously have some uncertainties surrounding deployment, sorry)
I wrote two scripts, one to create my database and one to populate it with test data and these must be provided somehow.
Whoever is running my software must obviously have a MySQL CE version running on their system so this must be somehow provided
I have searched around for a solution but I study by distance, so I don't really have any source of guidance aside from the awesome people on stackoverflow and the less helpful google search.
Possible solutions in my head:
somehow write an installer/configuration file similar to what is provided with commercial software (this is not my optimal choice due to the fact that I have 2 more weeks till submission and I am prepping for exams but if it is the only way please point me in the right direction .. its something I will need to know soon anyway)
On my searches through Stack Overflow I saw something which suggested that another version of MySQL - MySQL lite or something similar, could be used in these situations (again not optimal due to the amount of rework involved, but if its got to be...)
Thanks in advance
How can I embed SQL to your application
Till the time I know you can not embed MySQL to your application. Rather it will be a necessary component.
So make a user interface that will guide the user to provide the database name. Then you will use this database name to create a database (and also tables which are used by your appliction).
If your connection encounters error then tell the user to install MYSQL (Also it will be on your documentation). Then save this database name, username and password as configurations for your application (may be XML file) but for security reasons do not forget to encrypt password.
Use saved credentials for your work.
I was having the same problem earlier in my college project and I fixed it in the same way.
One strong reason not to provide MYSQL or any other software as embedded with your application is the Copyright. So respect the others and let the user to take the headache.
Edit:
When you are showing splash screen, of course your will run the test connection, in this phase you will validate the database and tables and all resources to run your application, if some error(means some thing wrong with DB) the show error to user that please configure database and show configuration help (repeat step 1, 2, 3). When it is configured correctly go on.
As seemed you are confusing some thing that you are unable to tell?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I have a small doubt, I trying to make my application secure as much as possible so is it possible we can make a setup file that will run only once and after that it should not run on any pc. It sounds STUPID but is it possible. I don't have any code to show, I just want to know can we make it in JAVA
The setup wizard doesn't actually control when, or if, it runs. Nor does it control how many times one wants it to run. So the direct answer to your question is "no"; however, it is quite possible (and even desirable) to have the setup wizard check for "artifacts" of being ran a previous time.
If you have a setup wizard detect a file or setting which the wizard would be the only likely creator and then shutdown if it is detected, then effectively you can guard against the critical section of the wizard being run twice.
You could have the application connect to a website to check if it has been installed however it would require internet connection at the time of installation.
Then during the installation you would send notice of its installation.
I use a system like this. At time of download it generates a serial number and inserts it into a file that is later read by the installation system and used to "register" the product during installation.
No. You can put some reasonable steps in place to make it more difficult, but anyone truely interested in breaking your security mechanism will likely be able to.
Anything you create can be copied and executed any number of times, even if the running copy deletes itself afterwards.
This leads to the requirement of external authentication against some server each time the setup program is run. This however is also not guaranteed to work, just look at how easy/quick video game DRM is to crack as an example.
You could read from a file that contains either true or false. Wrap the start-up of the wizard in an if statement to only execute if this variable is false, then at the end of the wizard change the file to say true. If you want to make it more secure you could encrypt the file and then decrypt to see what it says.
"Is it possible" is always a tricky question, for many reasons.
I think it is unlikely that you will be able to create this to work the way you want, simply because you're talking about a security question, and if anyone is seriously interested in violating your security measures, then there will be someone better at breaking than you are at locking.
Whether your software will inspire that sort of interest, I have no way of knowing. The important question in security is "can I make this secure enough for my purposes?", and we don't know enough about your requirements, expected threat models, and so forth.
All in all, the best answer I can give you is: if you want security done right, don't do it yourself. Go to a professional and have them secure it. You want to know enough about security to evaluate the professional, so you have some hope of getting what you pay for, but you don't want to try to write that code. You might be good at writing spreadsheets or mail clients or whatever you're writing, but you're clearly not good at writing security, and it's not something you learn in a day.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Out of fear that someone will downvote this question because piracy is not preventable, I want to make it clear that the system I have put in place is only to deter pirates, and I am asking this question to ensure that it causes as little annoyance possible.
Currently, my system uses a combination of the MAC address, CPU Type and the HDD serial to create a hardware fingerprint (not the problem). Using Windows all my life, I have been pretty naive towards the simplicity of installing (and 'uninstalling') applications on OS X. At the moment I am storing this hardware fingerprint in a location in ~/Library/Application Support (so that Administrator passwords aren't required) as I had the intention of removing the application with an uninstaller. I know that some Mac applications use uninstallers, but personally I don't want to intervene with the simple drag 'n' drop process that is the convention.
I am going to implement functionality that will check the online database the see if the fingerprint of the machine running the software corresponds with the fingerprint that was bonded with the serial key upon licensing the software (If the user has an internet connection). Though, that would still require a way to store the serial key that was used and I want my users to be able to run the software without an internet connection.
Does anyone have any experience in this field or have any suggestions as to how I could still allow my software to be installed and removed using drag 'n' drop while still implementing my licensing system?
Thanks in advance.
Instead of storing the hardware fingerprint, just calculate it when you need it.
I do not know if the Preferences API would work for you in this situation, otherwise it could be used.
I don't suppose this is actually a proper, nor does it have a common answer. I also think I've probably jumped the gun and asked the wrong questions because in my more recent question that I asked I got the information I was looking for. So, the answer I really wanted/needed:
(It turns out) It's okay to leave files behind in Application Support (and Preferences). Some would even consider it desirable. So I'm going to store the licence file and a configuration file in a subdirectory of ~/Application Support and let my users decide where to put their 'database directory'. That way everyone wins (well, pretty much)!
Just an FYI, The problem wasn't with what I had, it was with where it went (file wise).