I have a application which require login,but the number of user who use the application is no more than 40. And In the application,I get some data from the sql server database where I juse have read permission,also I can not create a table in the db for user validate.
ALso I do not think it is a good idea to create a user table in other database on another machine.(for example,I can create a user table in the mysql another machine,but is it desireable just for user validating)?
Now I just save the user info in a .properties file,any other good idea?
BTW,the programe language used in my application is java.
I guess it is a good idea to save data in a file as XML. You save encrypted/hashed password in it as well. Every time a new user created append a block something like this
<users>
...
...
<user>
<username>first_user</username>
<password>some_obfuscated_password</password>
<permission>1,3,4</permission>
<otherDetails>some detail </otherDetails>
</user>
</users>
There are standard libraries to parse XML in almost all the languages. Should not be an problem. And, fi anyone sees the file, he can't get the password. You can use salt as well.
Store your data in a file; use operating system locks and unlocks before reads if multiple instances of the program are in use. If it is just one app, you may be able to get by with a mutex setup (synchronized method).
Related
I am actually trying to write a small App where I intend to store the Names and Surnames of users in a Parse Server data base. I would need , for a define user , to read and get the Name and Surname of other users at some point.
I have read that anyone can decompile my APK and extract the App id and the Master Key . For me these values are stored in strings.xml , but I can't understand how I can store them elsewhere , as they are needed to connect to the server.
Is there a way to protect the decompiling in order to preserve the MasterKey? Or should I enforce ACL for those columns (Name and Surname added in the User class) and like read the Name and Surname of other users using Cloud Coud when I need it?
What would be the best practice to do that please?
DO NOT USE MASTER KEY IN A CLIENT APP
If your master key is compromised then your whole parse instance will be compromised. Instead, use class and object ACL to protect your data. If you need special queries that require master key, do it in server-side or cloud code.
Read this doc carefully: https://docs.parseplatform.org/android/guide/#security
There are some universal solution for "protect things inside APK".
Google APK reinforcement.
I have some problem like this.
I am accessing a database which is currently having over 100,000 data in new entry table.
Now I want to write a listener, means if any new record insert to table from somewhere else I have to get a notification.
My question is: What is best and fastest way to do this? because for a day there should have around 500 new data in the new entry table. Is is suitable to check the database every time using a thread?
Im using Java to do this with MySQL.
Please advice me.
I am not sure whether there is any listener that exists for Mysql changes. So it wouldn't be straight forward to get these details.
But there is something called 'The Binary Log' in mysql, which contains “events” that describe database changes such as table creation operations or changes to table data.
So one way to track the changes can be polling these logs. The challenge is that these logs are written in binary format. Mysql provides a utility called mysqlbinlog to process these logs in text format.
Here is one java parser for your rescue, which can read the mysql binary logs:
https://github.com/tangfl/jbinlog
Integrating all this bits and pieces , you may be able to get what you need.
try out this...
numero = stmt.executeUpdate(query, Statement.RETURN_GENERATED_KEYS);
Take a look at the documentation for the JDBC Statement interface.
I used java timer class for as an alternative to this solution. Now it works fine. It checks the database in every 10 seconds and if the condition true, it will execute what I want.
My app uses a SQLite database for the information. I have a function that checks to see if the folder and database are already present, if they aren't it will go on the internet ( currently I am using dropbox to store the db file ) and download the database and store it on the sd card, then I it will open the database. The database is writable as it lets the user rate an object. I have two questions.
1.) I would love to provide updates to the database and then have my app update the database if the version number is higher and replace the existing one. I have done some research and from what I have found it is possible to store an xml or json file with the version number of and the just parse the information and if the version number is higher download the new database.
Can someone provide an example of how this is accomplished and whether it is better to use xml or json for this task?
2.) Is there a way to save the rating in the new version of the database when the new is downloaded and accessed?
Thanks
two nights ago I wrote something like that.
pack your database structure as an array in a webservice method by reading field names and field types. the structure of array is arbitrary.
call web service method and you must receive a string that represent a JSONArray object, if you sent it as json with json_encode() method in php.
read structure and make CREATE DB query string with for loops.
execute query, so you must have database.
also you can send alot of information with arrays.
introducing each part is hard, so for each part google it.
don't forget to convert field types to match SQLite types such as VARCHAR=>TEXT, smallint=>INTEGER , ...
I want to insert data from my Microsoft Access database into a textfield.
I have already made a login system. I only want to insert the data into a textfield from the account that's logged in. With data I mean first name, last name etc.
What's the best way to do this in Java?
You could use this library to read a value from ms access file: http://jackcess.sourceforge.net/ and after put it into textfield.
You need to create a sql connection to the Access database using a JDBC driver for MS Access.
You then need to execute a SQL command against that Access database to retrieve the data you wish to display. This data will be returned as a SQL ResultSet object.
Have you worked with databases before? If not, there is perhaps some reading you need to do on the subject. Check this google search
Well, you read the data from the database using JDBC or some more highlevel object mapper like Hibernate or Eclipselink and map the returned data to your textfields.
Basically you need several steps:
a query to get the data for the logged in account
execute that query on the database using JDBC or something more highlevel
put the returned result into your textfields
If you want to update the data as well, you'd need to
extract the data from your textfields
create an update query and associate the data with it
execute the update query
Some things to take into account:
do you need some lock mechanism to prevent lost updates/dirty reads?
do you want to validate the data before persisting it?
There are two different processes developed in Java running independently,
If any of the process modifyies the table, can i get any intimation? As the table is modified. My objective is i want a object always in sync with a table in database, if any modification happens on table i want to modify the object.
If table is modified can i get any intimation regarding this ? Do Database provide any facility like this?
We use SQL Server and have certain triggers that fire when a table is modified and call an external binary. The binary we call sends a Tib rendezvous message to notify other applications that the table has been updated.
However, I'm not a huge fan of this solution - Much better to control writing to your table through one "custodian" process and have other applications delegate to that. To enforce this you could change permissions on your table so that only your custodian process can write to the database.
The other advantage of this approach is being able to provide a caching layer within your custodian process to cater for common access patterns. Granted that a DBMS performs caching anyway, but by offering it at the application layer you will have more control / visibility over it.
No, database doesn't provide these services. You have to query it periodically to check for modification. Or use some JMS solution to send notifications from one app to another.
You could add a timestamp column (last_modified) to the tables and check it periodically for updates or sequence numbers (which are incremented on updates similiar in concept to optimistic locking).
You could use jboss cache which provides update mechanisms.
One way, you can do this is: Just enclose your database statement in a method which should return 'true' when successfully accomplished. Maintain the scope of the flag in your code so that whenever you want to check whether the table has been modified or not. Why not you try like this???
If you're willing to take the hack approach, and your database stores tables as files (eg, mySQL), you could always have something that can check the modification time of the files on disk, and look to see if it's changed.
Of course, databases like Oracle where tables are assigned to tablespaces, and tablespaces are what have storage on disk it won't work.
(yes, I know this is a bad approach, that's why I said it's a hack -- but we don't know all of the requirements, and if he needs something quick, without re-writing the whole application, this would technically work for some databases)