NOTE: program in java, server uses php, and mysql...file is .log or .txt file
I have a program which takes the last line from a txt file and sends it via HTTP request to a server. The file is written by an external program, but the user is be able to open it an modify it.
The lines are in this format, and the time will be in the local computer time.
[hh:mm:ss] Message
If I consider that the time in the (real) message IS the time in the computer can I use it to verify the freshness and validity by comparing with a time in a fix location? (server time, gtm time, etc)
The users could be anywhere around the world, and I cannot guarantee that the time in the local machine is exact. My idea would be to start the program and check for time on machine, and compare it to my external time. then somehow manage to make sure that the message was not done by the user....for example message should have to be 20s~ computer time and time in computer should be synchronized with external time.
Never done something like this, but really interested.
(I know there will never be a hacker proof program, but would like to make it as hard as possible)
Thanks, I will add details in the afternoon if needed.
Two options for Time Issue:
If you can modify the program that creates the file, always use a fixed timezone to write the time. This will ensure the time is accurate across all timezones.
OR you can write the timezone along with the time and compute accordingly at server side.
Regarding User Tampering the data:
I suggest you generate a MD5 hash of the message and send it along. Then compute the MD5 from message contents again at server side. If the hash does not match the MD5 passed to server, it means the user has tampered the data.
Related
I'm developing a simple software for a professor of mine. Nothing special, it just takes some data from some sites and merge them into a text file that will be analyzed from an R program.
Anyway, he asked me a "particularity": this software will be used by his students but he wants for it to be useless after this weeks of lessons. How can I achieve that? They are not computer science students, so something "simple" should be fine, but anyway I need some suggestions. I was thinking to create a web service, but I'm hoping for something else. I've searched and I could not find something useful for me.
I had done this for one of my projects.
Created a file on S3 with restricted access.
Every time the app is executed, i request for this file.
If it exists, i allow them to use the app else System.exit(1).
In your case, you can use this strategy with one file containing the end date, being the date of last class.
Fetch current date time from some public API.
Everytime the app is launched, fetch this file from S3, parse the end date and check for expiry.
Drawback: In case of No internet, the app will not be usable.
So I want to do a program in Java that does the following:
1. Opens each day when the user accesses his computer after a certain time (e.g. 5pm)
2. Asks the user for string input (the highlight of his day)
3. logs it and Saves it then closes
4. Opens the next day on the first time the user accesses his computer and shares a random entry from previous entries with the time and date of the input (e.g. ice cream with the kids Monday 8/4/2013)
5. repeats
I am not certain what topics or domains I need to look for tutorials on to cover numbers 1,3,4. In other words, what topics should I check to do the following:
make the program run by itself after a certain time (5pm) + when it is run for the first time the next day (I am operating on a mac do I need to look into cocoa os for this?
Storage; something like persistent storage in swift - do I just look into that or do I need to get into databases?
I am looking primarily for the main topics that I need to look further into to get this done (guidance for resources, not the code). Thanks!
To have a program run at a scheduled time, you would use a program like crontab. This is available on most Unix based operating systems including OSX. Basically you enter the scheduled time, and give it an executable to run at that time. You might have it run something like java -jar /path/to/your/java/program.jar
As for storage, you can store things in many ways. The simplest way is to read to/write from a file. Java has library classes that can handle this i.e. FileReader, FileWriter.
Another way is to use a database (SQL, SQLite, MongoDB). To do this you will need to install a database, and use a database driver in your java program. A good search term is JDBC.
I have made an application in which I want that the application should expire after say 180 Days but the problem is that if I take the system date, anyone could just change it and get going and I cannot also take the internet date because many times the user will be working offline. So how do I make it trial after which it self destructs itself? I cannot put any other DRM as I have read that checking MAC address is a very bad DRM and after going through Making commercial Java software (DRM) I realised I have to make it somewhat simple. So the idea I have in mind is that I put a count that how many times has the application being started, but where do I store the value in registry? (I have already read: read/write to Windows Registry using Java)
I have also read Create a trial version of a Java application, with limited functionality and How to create a trial version of a Java program but the answers given there were not satisfactory. Because:
1. In one answer it is given that use "Rampart" but that is a paid application and I do not want to use it.
2. In another answer they checked with system date but as I told earlier I do not want to use that either.
3. One Question and Answer was related to functionality which is not what I want to reduce
4. and further many of them require internet but my customers may not be using it all the time
I know that there is no perfect DRM and everyone of them can be cracked. What I am asking here is what is my best shot? (Note: I have limited number of users, I will not sell this application online)
Update: This question I believe is not off topic because what I really am asking is just how do I make my software go trial... I am just asking how? I know it can be cracked easily but just tell me what is the best way to set up a trial in java
Ship a data file with the package containing:
The name of the customer in full.
The date it was shipped.
The date it should expire.
A checksum of the whole file so it cannot be edited.
Every time you run:
Check that the checksum is still valid.
Check that the file mod date does not suggest that the file has been tampered with.
Display the customer name in a splash screen.
Make sure the mod date on the file is not later than the expiry date.
"Touch" the file to make sure it's mod-date changes to current date.
Make sure the "Touch" worked.
This way:
It is difficult to make a copy as the mod date will change.
It is difficult to distribute copies to others as the source is easily available.
It should be possible to detect most inexpert tampering.
Obviously - without adding hardware - it is impossible to cover all bases but I have found this scheme works well.
If internet connection is not available, there is one method left behind if end-users are in a company network and using windows with active directory (most companies have active directory if clients are windows), use active directory server as a time server. Most users may change clock time on their client windows, but they don't want to change time on their servers due to other affecting software (mail server etc). License4J can find and check date/time on a local active directory server.
(Disclosure: I work for License4J)
Why am I trying to do this?
Right now I'm trying to make a multi tabbed SSH client for use with a few servers. I have 8 at the moment, soon to be 9. As you can imagine, there are a few redundant tasks one has to do when working with Linux. Connecting to each server to make changes one at a time is a terribly tedious process. That's why I'm trying to make an SSH client that can connect to multiple servers at the same time so I can send a command ONCE to have it affect all servers I own.
How far am I right now?
I have a nice UI set up that can connect, log-in, and receive data from the servers. For input, the API requires I specify an inputstream. If I specify System.in as my inputstream, I can then run the program, and have whatever I type into console be broadcast out to the different servers, via the API.
The problem
is that no end user will ever want to work with a separate console to use this program. It will look dinky. So I need some way to take input from the text field to send it through a specified inputstream. That means I'll need an inputstream that never closes unless the program closes. Like System.in. Also, I can't easily redefine the stream once I set it. I searched for an answer yesterday for around 10 hours. Couldn't find anything. If anyone can help, please do. Thank you.
I need
an inputstream that works exactly like an outputstream. It stays open even when nothing is being sent through it, but as soon as it gets data, the data is sent automatically to anything that is using it. This API is very strange, but this last inputstream part is the only thing keeping me from finishing up my program. Thank you for your time.
JSCH sudo su command "tty" error
I was using the API incorrectly. Stupid, yes. I don't want anyone else making the same mistake though. I guess I was following a bad example found somewhere else on the internet.
Essentially, you don't even need to set the input stream. You just need to use the output stream that already exists. Write directly to the output stream. Pretty sure I was trying to do this at 3am last night. It was right in front of me the whole time.
I am really unsure as to where I should be posting this, but if this is the wrong place could someone direct me where to I could get an answer? I want to be able to send commands to my email address, and have the commands parsed and executed when the message is sent. I.e. I send an email and it contains this:
public class sentThruEmail {
public static void main(String[] args) {
System.out.println("Hello");
}
}
I would want to configure my program to recognize when a new email comes from a sent address, to open it, compile it (in this case compile the java) and then execute it on the machine that the program is running on.
How can I go about figuring out how to do this? Any help would be wonderful, thanks!
EDIT: Or maybe the first step would be how to recognize an email was received from an address at all? In Java, how could I go about that: recognizing that an email was received and outputting something to the screen to alert the fact.
This would be a very bad idea. Blindly accepting email from an untrusted source, compiling it, and executing it is an enormous security hole.
There are several parts of this to consider:
Security
As others mention, there are security risks to consider, here. If that worries you (and it should!), you may want to consider some of the following:
Digitally signing these "command" emails, and verifying that signature before looking at the email
PGP is a popular choice for this
Running your program (which reads the emails) in a "sandbox" environment, such as being chroot'ed or in a jail
Only run a very limited set of commands - perhaps just ones you invent.
Getting Mail
If you still want to do this, given the security issues, you will need your program to read mail.
You probably want to use IMAP for this, or POP.
Parsing
Once you have the mail, you need to parse the contents.
You could just compile it directly if you are only sending code.
You could also send the code as an attachment with a certain MIME type to identify it. That way you could still send a 'normal' email (perhaps with commentary about what this code is for), but your program would be able to cleanly separate out the code.
Responding
How will you communicate results back? Or do you care?
You may want to send a reply email (use SMTP), or update a webpage. A webpage is nice since if you are running the web server locally, you can just write a file directly.
Examples
The standard "confirmation email" system has a lot of similarity to what you describe. Someone sends an email to an automated system, it reads it, does some processing, and replies. Search around for those systems and I'm sure you'll get started.
I created the Exquisite Corpse Emailer project, which does much of what you describe (but in Perl). It only accepts a very small set of limited commands, but it listens to an email address on IMAP, parses the text, updates a database as a result, etc.
But if you want to do it, look into sockets programming, as you would need to connect to your email provider (if he allows terminal login)