I have developed a J2ME application in which the application reads files from the Memory Card. Those are audio files to be specific. I need to supress the propmts which occure everytime when the audio files are accessed. I am using NetBeans 6.8 and tried signing it to be trusted in the properties. It didn't work.
Can someone Pls help..!
You need your app. running in trusted domain for that , than you can specify that for file IO "ask once"
Also See
J2ME Security
what you have sign is limited to your system for not asking for permition
when you are implementing those application on mobile device at that time
you require signing certificates
following are trusted 3rd party domain through which you can sign application
Thawte
Verisign
for more reference follow this link.
Related
I am trying to sign a PDF document with DSS Desktop Standlone App, and my problem is that I cannot use this application in MacOS environnement due to MSCAPI.
There is a solution for MacOs ?
You may try to sign using PKCS11 option, by providing the file to driver related to the smartcard/USB token you use.
Also you may try to sign using the online version and Nexu application. I work for the company that develops Nexu.
Currently i am dealing with a conceptional issue in my Java - SFTP Client/Server - Setup.
Basically i got a client who sends files to a remote server and stores them there. BUT: You trigger the upload via a jar file on your computer, so anyone could decrypt the jar file and read the clear java file and obtain the credentials for my sftp.
Is there any technology to solve this issue or some workaround you can advise?
Greetings and Thanks!
It is inadvisable to put credentials into a common / shared JAR file. It can't be done securely, and if you need to get the user to replace them they need to download and install a new JAR.
There is no way that you can keep the credentials private from the user. If your credentials need to be used on the user's machine, then it will be possible for the user to extract them, somehow. No matter what you try. (Assuming that they control their machine ....)
Saving credentials encrypted does not protect them from the user. The application needs the decryption key. The user can find / extract that and then recover the credentials.
It is better to issue distinct upload credentials for each user. That way, if one user loses or abuses his credentials you can invalidate them without affecting other users.
If I'm understanding your issue correctly, it is rooted at the fact that your java sources contain your credentials.
First, I highly recommend using jSch library for a great implementation of SSH2.
Regarding your credentials, you can find your answer here.
In short - save your credentials encrypted.
I have this app which uses Google Services json file configured with a SHA1 of a debug key, and then build the Signed Build with a new key and used that release.apk to install the app. But the sign in part isn't working now in the release version of the app.
So now my question is, should the Google services json file be configured using the SHA1 of the signed key?? Ignore the formatting since I'm using this from mobile.
Based on the document: Setting Up Google Play Games Services
Specify client ID settings
You should create two client IDs, one with the release certificate fingerprint and another with the debug certificate fingerprint. Make sure to use the same package name for both. This allows Google Play games services to recognize calls from your linked APKs that are signed with either certificate. For more information about certificate signing for Android, see Signing Your Application.
Check this SO post, it talked about the difference of the clientID for debug and release version. Lastly, check the documents : Prepare for Release and Sign Your App for a detailed instruction of preparing your app for release.
Their is no bug with regard to the maps. I already signed the apk with release keystore ,
the API Keys are registered in my account
It perfectly works in any devices.
What's the problem is when it is uploaded with the client account in google play store
and downloaded in their device, the map displays white.
Question:
1.Does it affect the application if the API keys are registered to my account and the one who upload the app is not my account ?
Answer:
The API key is associated with the apk package and it's keystore and not a user account.
First you need to create a keystore for you app. Refer to http://developer.android.com/tools/publishing/app-signing.html
Next go to https://console.developers.google.com/project and create a project (if don't have one already).
On your project page go to API's & auth > APIs enable Google Maps Android API v2
Next go to API's & auth > Credentials and create a new Key for Android applications. Follow those instructions careful and you it will generate you an API to use on your manifest. (Remember to use the keystore you used to sign your app for play store and not your debug keystore)
More info:
https://developers.google.com/console/help/new/#generatingdevkeys
Good luck
I also face this problem . you need to
signed your application with the system from which you generate SHA-1
fingerprint for Google Api
.
Check Your API Key whether it is the same with the one in Console and in your Manifest.
I've recently gone into a serious security problem in my Java app. The client application simply works on a FTP and MySQL server, and access information to both of them are stored directly in code. I'm aware that it's an awfull idea and I'm planning to move that informations to a preferences file. But how can it help to raise a security level on my app? Is there any way to properly secure such file? Or should I look for a different solution?
Keep passwords in a keystore (example: http://kingsfleet.blogspot.com/2008/12/storing-password-somewhere-safe.html). Keystore has to be protected with a password, so in order to use client application user needs to give keystore password - I am not sure if this is acceptable in your case.