Im pretty sure this is a question that someone already has made, but Im also sure that this has a concept name which I dont know and I would like to get known, therefore I can research more about.
My java app has some setup files, which can be openned as a txt file to manually modify. I would like to prevent those files from being openned manually (by that I mean through the explorer and notepad), I only want them to be modified thorugh the GUI of my application. How people handle this? Some sort of cryptography for each setup file?
I don't think that it is possible to prevent opening a file. But you can put them in system folders e.g. %PROGRAMDATA%. Not exactly what you are asking for but hides them at least from an "average" user and is a common practice.
You could also serialize and deserialize your setup files in binary format.
Another way is - like you proposed - crypting them.
It depends on how secure you want it to be. If you just want to prevent modification by casual users, you could pass some sort of obfuscation over the text to discourage people (e.g. xor with a known value), or you could zip each file.
If you want it more secure, such that even someone with some smarts can't get into them, then you would want to encrypt the files. You could do a search for "java encryption" to see where people have gone with that.
Related
I'm working on an application that generates a series of files based on user input that would be later uploaded to a cloud service.
It is important that these files remain intact (prevent modification or deletion) before they are uploaded.
What would be the best way to accomplish this? I could work with Windows only solutions. I know that a sufficiently motivated advanced user would be able to do it anyways but I'm looking for solutions to obscure or just make it harder than 'Select all > Delete'.
All these generated files will be within the same folder.
Thanks in advance!
Edit: I previously stated that I didn't mind the files could be read but that would enable copying and storing them somewhere else and that is undesirable too.
I am making a custom file explorer in java. I came to know of this worm which starts executing when the file icon is viewed in file explorer. I believe, this could be possible only if it is loaded into memory somehow by something like reading of metadata (Please correct me if i am wrong). I have heard java is a 'safe' language but just wanted to know how much safe it is.
I am using the following imports in my program :
java.io.File;
java.net.URL;
java.nio.file.Path;
javax.swing.filechooser.FileSystemView;
I use fileSystemView.getFiles() to get files list and simply display an icon by checking the file extension.Files are not preveiwed also.
So if i disable opening of a file by clicking on its icon in my file browser, then is there any way that some malware can run when my file explorer program displays the contents of an infected pendrive?
Can this be achieved by other programming languages also?
There are several aspects to you question here.
First of all, about the danger of accidentally reading/executing files by clicking them in your application: I think it's a bit difficult to answer that without actually seeing the code you're running. I can't see any obvious threat based on your description, but then again, I don't know exactly what your Java Runtime will do for you when you mark a file, read the directory it is in, and read the file itself - if there's no "magic" happening behind the scenes there, there might not be a problem. If Java does any kind of reading/parsing/whatever with a file in order to register and list it though, it's hard to tell.
From the documentation for Class FileSystemView
Since the JDK1.1 File API doesn't allow access to such information as root partitions, file type information, or hidden file bits, this class is designed to intuit as much OS-specific file system information as possible.
I'm not really sure exactly what this even means, but I take it as an indicator that something is going on behind the scenes when accessing files. Perhaps someone with more in-depth knowledge can add to this.
Now as for using this to analyze potentially infected thumb drives: Be very careful.
When you connect something to your USB, it can do "stuff"(*) automatically as soon as it is connected. This will likely happen long before you've even started your Java app, so it won't really matter how safely you code it.
There are ways to restrict access to USB, and such auto-run behavior. You should at least be aware and look into this, and make sure you have an updated and working security scanner of some kind before inserting anything suspicious into your PC.
(*) There are even examples where USB devices can steal info from locked computers by providing a (fake or real?) network connection, and then listening in to and manipulating the automatic connections computers typically do continually in the background.
I have been coding for about a month and I have found ways to adapt around ever problem but one. The problem as you can probably see by the title is how to make a way to make game saves. I am currently creating a very simple game that has about 5 classes of my code and maybe 2 of Java Swing GUI.
I know how I would like to go about the saving process but I have no idea how to do it in my code. How I would like to go about doing this is by making the code print a Number or Integer to a file to represent a Level. For example if you completed level 1 the number in the file would be 1. I have tried some templates for this but none of them work.
I understand how to write to a file but my problem is reading it from a jar or even creating a file then reading it from a place on the computer. I need to know how to find a file URL for different computers because some use Docs and Settings and other Users. Please could someone help.
Since the jar is read only, it can only contain the 'default settings'. See this answer for the general strategy to deal with such a embedded-resource.
Speaking of which (embedded resources) see the info. page for more details on how to access them.
Here is an example of storing and reading a Properties file from the 'current directory'.
As mentioned by #MadProgrammer though, it is safest to put the settings file into a (sub-directory) of user.home, as seen in this answer.
But a properties file is just one option. You might also serialize an object, or write the file in a custom format that your app. knows how to read, for the first two off the top of my head.
Besides 'serialize (in some form) in a File', there is also the Preferences API, or for desktop applications launched using Java Web Start, the PersistenceService. Here is a demo. of the service.
I need to know how to find a file url for different computers because
some use Docs and Settings and other Users
The System property user.home points to the user's home directory
File userHome = new File(System.getProperty("user.home"));
I am developing a small game in Java and I am shipping it as a single Jar file. I want to store the high scores/best times for that game somewhere. Instead of storing it in a separate file, I would like to store it in the application itself (inside the Jar) so that its not lost. Is this possible at all ? If so, how to do it programatically.
Java does not give you tools to modify the JARs which are currently run. If you really want to do it, you have to guess the location of the JAR by yourself (which might reside on a read-only filesystem) and modify it the same way you would modify any archive file.
Bottom line: it's a very bad idea, don't do it! See this question for a much more reasonable solution.
Nothing is impossible, but storing it in the jar file would make it very complicated. You might also end up with unwanted side effects like "Permission Denied" errors when the jar is owned by another user. Virus scanners might get nervous when they see jar files change without reason, etc....
I would look to the Preferences API for storing this kind of info.
I think it is a bad idea to try and store anything in the jar file. Another option is to have a web based service offered to the people playing with your game. The game could connect through a web service to your hosted server and then store everything centrally there. Not sure if it is exactly what you want but it's just an idea. It would also allow people to compete with each other.
Java JAR file is a ZIP-Archive, so you could possibly access it with standard ZIP-Tools and just extract one hisghscores.txt file, modify it and then pack it back again.
I am developing a Java Desktop Application. This app needs a configuration to be started. For this, I want to supply a defaultConfig.properties or defaultConfig.xml file with the application so that If user doesn't select any configuration, then the application will start with the help of defaultConfig file.
But I am afraid of my application crash if the user accidentally edit the defaultConfig file. So Is there any mechanism through which I can check before the start of the application that whether the config file has changed or not.
How other applications (out in the market) deal with this type of situation in which their application depends on a configuration file?
If the user edited the config file accidentally or intentionally, then the application won't run in future unless he re-installs the application.
I agree with David in that using a MD5 hash is a good and simple way to accomplish what you want.
Basically you would use the MD5 hashing code provided by the JDK (or somewhere else) to generate a hash-code based on the default data in Config.xml, and save that hash-code to a file (or hardcode it into the function that does the checking). Then each time your application starts load the hash-code that you saved to the file, and then load the Config.xml file and again generate a hash-code from it, compare the saved hash-code to the one generated from the loaded config file, if they are the same then the data has not changed, if they are different, then the data has been modified.
However as others are suggesting if the file should not be editable by the user then you should consider storing the configuration in a manner that the user can not easily edit. The easiest thing I can think of would be to wrap the Output Stream that you are using to write the Config.xml file in a GZIP Output Stream. Not only will this make it difficult for the user to edit the configuration file, but it will also cause the Config.xml file to take up less space.
I am not at all sure that this is a good approach but if you want to go ahead with this you can compute a hash of the configuration file (say md5) and recompute and compare every time the app starts.
Come to think of it, if the user is forbidden to edit a file why expose it? Stick it in a jar file for example, far away from the user's eyes.
If the default configuration is not supposed to be edited, perhaps you don't really want to store it in a file in the first place? Could you not store the default values of the configuration in the code directly?
Remove write permissions for the file. This way the user gets a warning before trying to change the file.
Add a hash or checksum and verify this before loading file
For added security, you can replace the simple hash with a cryptographic signature.
From I have found online so far there seems to be different approaches code wise. none appear to be a 100 hundred percent fix, ex:
The DirectoryWatcher implements
AbstractResourceWatcher to monitor a
specified directory.
Code found here twit88.com develop-a-java-file-watcher
one problem encountered was If I copy
a large file from a remote network
source to the local directory being
monitored, that file will still show
up in the directory listing, but
before the network copy has completed.
If I try to do almost anything non
trivial to the file at that moment
like move it to another directory or
open it for writing, an exception will
be thrown because really the file is
not yet completely there and the OS
still has a write lock on it.
found on the same site, further below.
How the program works It accepts a ResourceListener class, which is FileListener. If a change is detected in the program a onAdd, onChange, or onDelete event will be thrown and passing the file to.
will keep searching for more solutions.