I have implemented an Java Swing application that uses an embedded JavaDB database. The database need to be stored somewhere and the database tables need to be created at the first run. What is the preferred way to do these procedures?
Should I always create the database in the local directory, and first check if the database file exist, and if it doesn't exist let the user create the tables (or at least show a message that the tables will be created).
Or should I let the user choose a path? but then I have to save the path somewhere. Should I save the path with Preferences.systemRoot();, and check if that variable is set on startup?
If the user choses a path and save it in the Preferences, can I get any problems with user permissions? or should it be safe wherever the user store the database? Or how do I handle this?
Any other suggestions for this procedure?
I would let the user choose. That way they can run multiple instances (simultaneously or otherwise). Supplying a sensible default would be a good move.
Store the path using the Preferences API (I would store per-user but that may differ depending on your application), and use the File object to determine if directories exist and/or are permissioned properly.
Related
I'm just starting to write a new android app and wanted to have a clean design.
I want some variables to be initiated with a default value. Those default values should all be in one file called settings (or something similar). However the user should be able to change some of those values and save them.
Changing user settings is normally done in shared preferences files. However I did not found out how I can pre-populate them with my default values.
Is there any other way how I can have some sort of a settings file that already has values in it? I don't want to hardcode values in my java application as I want to have a single file to adjust when I need to change the default values.
Secondary goal: I would like if the user would not lose his saved values when the app updates.
Can anyone give me some hints where to search?
This is more just a general thought and speculation from my side, being a student of Computer science.
Lets set the scene:
Lets assume that I have created a wonderful application in Java that I plan on selling in the future. The java application has a complex structure and uses connections to a database using JDBC etc to connect to the DB, get the information from some table in the DB and then work with that data.
To be able to connect the Java program to the DB i have to give the program some information of the DB such as the link, username to the DB and its password.
My DB holds alot of information that I do not want others to see without authority.
But these informations are clearly visible in the java code i created. How sure can I be that no one can access this information after the app has been compiled into a JAR file or a .EXE file?
This might be a dumb question, but I'm just curious.
Thanks
Don't compile the user & password values into your Java application. Write your application with the ability to read those values from an external properties file. Then it's your customers' responsibility to restrict access to that file so only trusted users can read or alter it.
Security concerns aside, configuration such as DB connection strings, usernames and passwords is not part of the shipped application but an installation specific setup. All the application needs to do, is to expose a simple way for the end users to spell out these settings (e.g. property files, xml, etc...).
With this approach, it is the users responsibility to secure usernames and passwords.
Short answer, you can't. If it's in the jar or exe, it will be visible. Your best bet is to encrypt the compiled files.
There is really no possible way to prevent someone from decompiling your code back to something akin to its original state. You could make it more difficult, but if someone is determined, they can get it back to code form. As such the correct response is to not put any sensitive information into your java code. Put it somewhere else.
In this case, you might consider moving the information you want to client to access in your DB to a different DB, that doesn't contain sensitive information. Alternatively, if your database software allows it, create a new user on the DB, that only has access to the data the client will view, and use that login in your java program.
EDIT: mysql users
To create a new user in mysql run the following command:
CREATE USER 'username'#'hostname' IDENTIFIED BY 'password';
if you want the same user to be accessibble from any host replace hostname with %
This user is created with no permissions by default, so now onto adding permissions. Here is an example
GRANT [permission_level] ON database.table TO 'username'#'hostname';
Replace the table name with * to specify every table in the database.
for a full explanation of the syntax of these options look here: CREATE, GRANT
This should help you restrict who can access what in your mysql database.
Task: Copy Folder and contents from one vdi to another vdi. This application is internally facing within the company.
Method:
In jsp have user browse for folder
The folder selection is in a text box, the folder path is passed into an action class
The folder path is placed into a teradata table
A script is called to query the table for the source path and target path (pre-determined) and make the copy
Due Dilligence: So far I have tried the <input type="file", which selects a file, not a folder. Also, the file path is not passed through due to security reasons. I have read other possible solutions but none work.
Question: Are sevlets a viable solution, and if so, how do I create one?
I'm going to go with no. There are several reasons for this.
A Java Enterprise Edition application (be it a Servlet or Java Server Page) is not supposed to access the file system directly.
It is inherently unsafe to expose internal infrastructure through an external website.
I think you need to break it up a bit more.
Save a list of shares the server has access to in a data store of some sort, like a new teradata table or for a quick proof of concept plain text file (if you're on Linux you can use the output of something like showmount -e localhost).
Let the user pick the src share from a combobox or something similar.
Continue from your step 2.
This gives you two immediately obviously advantages, which may or may not be relevant.
You can use the system without having access to the physical shares.
You can add metadata (like description or aliases).
I have one question about Android. I need to run one of my activities only once - at the beggining. So, usually the best solution is to create file which contains flag isFirstRun and check the value after application's start.
But in my application it is very important to protect this file before deleting by user. Even if user has rooted phone he should not be able to change the value or delete this file.
So, is it possible to write this information to any Android system registry or somewhere else where user can't change this value?
No, it is not possible, for a simple reason, a root user have access to everything by definition. It won't make sense to have a program that has more rights than root.
The user can delete all the data your application saves. Consider saving this information on some server.
I'm developing my first CLI Application in Java and I've made the decision to go with SQLite for the database back-end.
I intend for the application to be cross-platform and need some guidance on where to actually store the database on users' computers. Obviously I can't store it in the .jar file right because if they need to update the application they'll lose their data correct? Or is there a workaround?
Maybe the easiest location is to put it in some sub-directory of the system property "user.home". You can get it with
System.getProperty("user.home")
In unix-like systems, for a user called 'bill' this usually maps to ~bill.
In windows systems, it maps to something like C:\Document and Settings\bill
So, if you program is called "amazing", you look for and create a directory like
new File
(
new File(System.getProperty("user.home")),
".amazing"
);