This question already has answers here:
Handling passwords used for auth in source code
(7 answers)
Closed 7 years ago.
I have a question about passwords in source code. E.g. if you would like to connect to a FTP server you have to write the password in the source code in plain text.
Is this secure? Or is it possible to decompile the JAR file or in Android APK File to get these data in plain text? Is there a secure method to store the data?
The most secure way to do this, would be to have a "Middleman server" running on the same machine as the ftp.
The app contacts the server and says "Give me the files".
The server then logs on to the ftp and sends the files back to the app.
The app never knows the password, username or anything to the ftp. Only the ip address and how to get files from the server.
The server could then have some sort of protection to only take certain requests, or only from the app etc.
Java De-compiler can be easily found on Internet.
In case of apk, you can
Extract the APK on computer
generate .jar file using tools like dex2jar convertor
get source code back using java decompiler.
But i have also find some app which can't be decompiled to source code in this way, and i don't know how they have achieved this.
If you have to contain the password in the source code, it's more secure to obfuscate it in C and your Java code simply get it from JNI. Otherwise, follow the suggestion by René Jensen.
Related
This question already has answers here:
Execute Jar file from C sharp code and get return value
(2 answers)
Closed 7 years ago.
I have a c# application and I have a .jar file that I have created. I want to call from c# application, my jar file, I want to call a method in the jar file. I try to use JNI but I can't call jar file.
There is a mode to do this?
Your main problem is the lanuage incomaptabilities
As far as i understand there is no direct way that Java (jar) and c# assembles can talk to each other.
Question is what does the jar file do ? and can the same be done using c#
If not then you are going to have to create a java application using somethign like Netbeans to act as a kind of middle man
Then when the c# application does a function call the call gets serialised into a file
The java app should then look for the file (in a thread or something) pulling the data and writing the response data to the file
While asp.net looks for changes in the file and pulls the data back from the file once java has written
There are other options such as web service and TCP IP socket server to communicate
But Long story short there is no clear cut way as far as i am aware of that there is not clear cut way of making java and .net talk to each other .
A quick google search did bring up http://www.ikvm.net/userguide/tutorial.html[^] which seems to be promising.
Hope this helps
I am trying to make an app that uses a bunch text files as a base for most of its actions and this text files can be updated from a web server.
Currently my app is able to download a batch of text files via a zipped archive, but I was wondering if there was a way to check if I already had the contents of the zip file before downloading them.
What I had now was that I would download and unzip followed by a line by line check to see if the current files where different from the recently downloaded files.
This is seemingly very inefficient but I do not know of any other way.
If anybody has any suggestions and can either give a small example or point me to one I would greatly appreciate it.
To assemble what BackSlash and the others already said in the comments:
One possible solution could be to:
Create a hash of the file when the file is being created (good) or
after download (bad)
Store this hash somewhere (e.g. inside the filename instructions-d41d8cd98f00b204e9800998ecf8427e.zip)
Client: Query the server with the string
Server: Check the transmitted hash against the hash of the newest version
Server: Respond accordingly (e.g
by using the HTTP built-in 304 response)
Client: Act upon the response of the server
This question already has answers here:
SQLite with encryption/password protection
(9 answers)
Closed 9 years ago.
My desktop Java app uses several read-only SQLite databases, which I would prefer people not be able to open up and look at. Normally, this might be accomplished through encryption, but I'm currently using the sqlite4java library, which does not support encryption and doesn't easily allow other SQLite encryption libraries (e.g. SEE) to be used.
What I'm trying to do is make it as difficult as possible for a "casual hacker" to just find one of these database files and open them up. For instance, someone threw out the idea of sticking them in a password-protected ZIP file, then using a library like the ones suggested here to decrypt it on the fly as either an InputStream or a temporary file.
Would this be something that is worth doing?
EDIT: I realize that this isn't going to be perfectly secure, and a hacker dedicated enough might be able to still find a key and decrypt it (this seems like a vulnerability with any such programs).
"What I'm trying to do is make it as difficult as possible."
You are probably just making it as difficult as possible for yourself.
Regular users don't open application binaries. People that open application binaries have tools to find your encryption key.
If you want to engage in security through obscurity, just name the database file "commons-io-3.2.1.jar" instead of "mydb.sqlite3". No trouble for you, still throws off the "casual hacker".
Instead of password protecting your SQLite DB, you can choose not to ship it with the application APK, rather download the content on first run, so that you don't have to encrypt and decrypt and your APK is lighter.
Also remember, your DB can still be hacked by intense hacker.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
SQLite with encryption/password protection
My problem is that I am on a struts2 web application and I am creating a sqlite database file dynamically. I need to protect that file (when users download that sqlite file it needs a password to open it, like a password-protected PDF). Is there any other way to complete this task?
There is an encryption library (sqlite-crypt) available in C, but if you want to do it in Java, I would simply encrypt the file like any other file and supply a decryption tool with password for the user. See this example of file encryption/decryption in Java.
The best solution is to install SqlCipher or something similar, but that means that you must build and install a C extension to your Java environment.
If you decrypt the SQLite database on starting your app and then encrypt it on ending then it's "exposed" while you're actually using it (and if the app is terminated abnormally). With SqlCipher the data is always encrypted, even in the middle of an operation. The other alternative is to encrypt/decrypt individual "blobs" stored in the DB, but then you can't search on them, etc.
You can use Zip4j (http://www.lingala.net/zip4j/) to create a password protected zip file.
I have exported some Processing code (outputs sensor data to a textbox) to an
applet that includes the .jar and .html files. I have tried to insert this html on a
simple website that I created and the java applet doesn't work. Do I have to somehow
modify the html? I know that the .jar files are already in the same directory and
are referenced appropriately in the exported html code. Is there a better approach
to posting to a website? Thank you
I don't think that it is possible, due to security restrictions on applet communication.
More than likely you will have to write a small client/server program using sockets.
The idea would be to transmit the the output from your locally running client application to your applet(server) which would receive and display the data.
You could use any language with socket support obviously(Flash, PHP, etc.), but I assume you will want to stick with Java.