I am developing a Java based desktop application. There are some data generated from the application object model that I need to persist (preferably to a file). There is also a requirement to protect the persisted file so that others can't derive the object model details from the data. What's the best strategy for doing these? I was in the impression that these requirements are very common for desktop apps. However, I haven't been able to found much useful info on it. Any suggestion appreciated.
Your question has two parts. 1st: How to persist data? 2nd: How to protect them?
There is a lot of ways how to persist data. From simple XML, java serialization to own data format. There is no way how to prevent revers engineering data just by "plain text". You can just make it harder, but not impossible. To make it quite impossible you need to use strong encryption and here comes a problem. How to encrypt data and don't reveal secure token. If you are distributing secure token with your application it is just a matter of time to find it and problem is solved. So entering a secure token during installation is not an option. If user has to authenticate to use application it should help, but it is the same problem. The next option is to use custom protected bijection algorithm to obfuscate data. And the last option is to do nothing just keep the data format private and don't publish them and obfuscate your application to prevent from reverse engineering.
At the best value comes simple obfuscation of data (XOR primenumber) with custom data format and obfuscated application.
If you don't need to modify this file you can serialize the object graph to a file. The contents are binary and they could only be read using the classes where they were written.
You can also use Java DB ( shipped with java since 1.5 I think ) and an ORM tool for that such as Hibernate.
EDIT
It is bundled since 1.6 http://developers.sun.com/javadb/
XStream works if you want to do simple xml reading and writing to a file. Xstream allows you to take any java object and write it to and read it from you file.
I think "serialization" is the word:
http://java.sun.com/developer/technicalArticles/Programming/serialization/
If you really need the security implied in your statement ("...protect the persisted file so that others can't derive the object model details from the data."), I'd serialize the data in memory (to Java serialized form, XML, or whatever) and then encrypt that byte-stream to a file.
You can try using an embedded database like Berkeley DB Java Edition (http://www.oracle.com/database/berkeley-db/je/index.html). Their direct persistent layer API will most likely suit your needs. The database contents are synced to files on disk. From just looking at the files directly, it's not easy to figure out the object model from the data. I've had good experiences with it, it's lightning fast and works well with desktop applications.
Related
I want to make a library management system in which I want to store book name and book ID etc. But I am restricted not to use the database functionality and save that data only during the time of execution.
How could I go about this?
Your options are straight forward:
keep that data in memory
use a temporary file in the file system
connect to some remote service where your app stores data (and then you are free to use whatever persistence mechanism you like to use)
Some type of storage medium needs to be decided on. There are a couple choices you can use. You can store the data as property files, xml or json.
There are tools like Jackson that can serialize and deserialize objects to json files and POJOs respectively to make persistence easier. There are also tools for xml and property file as well.
Yes, 2 quick ways that come to my mind right now are (if you are not using database):
1) use filing (searching and update could be harder)
2) user data structures - in memory storage (select the flexible data structure, storing data objects in array list would be easy but again depends on your requirements and nature of data)
My question is about a bukkit plugin.
I want to save data on closing the server. But I can't find the best way to save the data. all the data I want to save are strings. what is the best way?
using yml file saved in the server files or using database MySQL or?
Majority of Bukkit developers prefer YAML because of its availability which have made it standard to use, snakeyaml is included in Bukkit. If you write code that will be shared, such as open source or for a team of developers YAML is almost a necessity.
MySQL should only be used when the data needs to be shared between multiple servers such as a network. If you enter any network, for instance a minigame network, your player data is most likely stored in a database so you will have the same points in every one of their servers. Why not always use MySQL? It requires a connection to be opened which may fail, this means the server is dependent on another source which you usually want to avoid. MySQL is most times also slower performance-wise than other alternatives.
What about other files/methods? I've seen developers store data using JSON or even pure text files, claiming it's faster, but this should only really be considered if you have performance issues or generally prefer that file type.
I am new to Java and I am working on a project called (in-memory database server). In this project I am supposed to build the database structure for the tables and the relations between them (I am not going to use any DB language, I should build the structure by myself), and then save these structures to XML files in the server (It's a fixed schema of three tables), next I am supposed to handle the CRUD operations on the saved data sent from clients over sockets to the DB-server(using TCP). Also I must use a caching method to access the data fast from memory instead of the HDD.
Well, when thinking in the project generally I see it very complex and I don't know from where to start! Should I start with the client or the server?
I tried to divide the problem into smaller problems so I have these question that I need answers to it in order to catch the starting point.
How can I build the tables and save them in XML files?
After building the tables' structures, how can I make the relations between the tables? (The primary keys,foreign keys, and else).
How will client and server communicate to handle the CRUD operations?
What is the best caching method and how can I implement it.
I want to start building "Users" table, the client has a GUI Login form that will send the username and password to the server, the server will check them and log the user in.
I know it's a lot of questions, but I need help to understand how the work will be done, I need useful topics and videos, any related link may help me.
I would start by trying to define one of the tables in XML format. Probably starting with an XML Schema definition about the format the XML will take in the "table definition" file(s). Once I had that ready, I would start unit testing the heck out of that/those XML. Only after I had everything working to my satisfaction in the unit testing stage would I introduce any complexity of the web client/server variety. Baby steps win.
EDIT: (Useful links: Google this: "XML Schema definition example")
You're new to Java, and you haven't written a database management system before. You've got quite a learning curve ahead of you. Breaking the problem down into manageable chunks is very wise. I'd start reading about principles of DBMS (independent of any implementation language), and then maybe download some open source Java DBMS and study how others have solved the problem.
I had completed my project Address Book in Java core, in which my data is stored in database (MySql).
I am facing a problem that when i run my program on other computer than tere is the requirement of creating the hole data base again.
So please tell me any alternative for storing my data without using any database software like mysql, sql etc.
You can use an in-memory database such as HSQLDB, Derby (a.k.a JavaDB), H2, ..
All of those can run without any additional software installation and can be made to act like just another library.
I would suggest using an embeddable, lightweight database such as SQLite. Check it out.
From the features page (under the section Suggested Uses For SQLite):
Application File Format. Rather than
using fopen() to write XML or some
proprietary format into disk files
used by your application, use an
SQLite database instead. You'll avoid
having to write and troubleshoot a
parser, your data will be more easily
accessible and cross-platform, and
your updates will be transactional.
The whole point of StackOverflow was so that you would not have to email around questions/answers :)
You could store data in a filesystem, memory (use serialisation etc) which are simple alternatives to DB. You can even use HSQLDB which can be run completely in memory
If you data is not so big, you may use simple txt file and store everything in it. Then load it in memory. But this will lead to changing the way you modify/query data.
Database software like mysql, sql etc provides an abstraction in terms of implementation effort. If you wish to avoid using the same, you can think of having your own database like XML or flat files. XML is still a better choice as XML parsers or handlers are available. Putting your data in your customised database/flat files will not be manageable in the long run.
Why don't you explore sqlite? It is file based, means you don't need to install it separately and still you have the standard SQL to retrieve or interact with the data? I think, sqlite will be a better choice.
Just use a prevayler (.org). Faster and simpler than using a database.
I assume from your question that you want some form of persistent storage to the local file system of the machine your application runs on. In addition to that, you need to decide on how the data in your application is to be used, and the volume of it. Do you need a database? Are you going to be searching the data different fields? Do you need a query language? Is the data small enough to fit in to a simple data structure in memory? How resilient does it need to be? The answers to these types of questions will help lead to the correct choice of storage. It could be that all you need is a simple CSV file, XML or similar. There are a host of lightweight databases such as SQLite, Berkelely DB, JavaDB etc - but whether or not you need the power of a database is up to your requirements.
A store that I'm using a lot these days is Neo4j. It's a graph database and is not only easy to use but also is completely in Java and is embedded. I much prefer it to a SQL alternative.
In addition of the others answers about embedded databases I was working on a objects database that directly serialize java objects without the need for ORM. Its name is Sofof and I use it in my projects. It has many features which are described in its website page.
I'm having a problem. I would like to create Document object, and I would like to have a user property with com.google.appengine.api.users.User type (on GAE's docs site, they said we should use this object instead of email address or something else, because this object probably will be enchanced to be unique). But now the object can't be compiled by GWT, because I don't have the source for that object.
How can I resolve the problem?
I was searching for documents about DTOs, but I realized that maybe that's not the best pattern I should use.
What do you recommend?
Very thanks for your help!
Regards,
Bálint Kriván
to avoid DTOs for objects with com.google.appengine.api.users.User inside you can probably use the work from
http://www.resmarksystems.com/code/
He has build wrappers for the Core GAE data types (Key, Text, ShortBlob, Blob, Link, User). I've tested it with datastore.Text and it worked well.
There is a lot of debate about whether you should be able to reuse objects from the server on the client. However, the reuse rarely works out well in real applications so I generally recommend creating pure java objects that you copy your data into to send to the client. This allows you to tailor the data to what you need on the client and avoids pitfalls where you accidently send sensitive information over the wire.
So in this case, I would recommend that you create a separate object to send over the wire. BTW if you have the AppEngine SDK for Java (http://code.google.com/appengine/downloads.html), it includes a demo application that I did (sticky) that demonstrates this technique.
this question also addresses the issue:
It links to a semi workable solution for automatically making your persistent objects gwt-rpc compatible.
I had the same question, your answer is interesting, but i am always sad to copy twice a data... Plus, when your dao gets the data, you will have to parse all the results to copy them to the pure java object, isn't it? It seems to be a heavy operation. What's your opinion about those question?