SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
..it still faces me with the problem that I end up with an encryption password that I have to store somewhere.
All users connect to the database using the same username.
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
In this case, I need the encryptionPassword in the application, or am I missing something?
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
Thanks for your explanation. Just to verify if I get it right: In your approach, you set the encryption password just once, right?
But in case of a Swing application running on a laptop computer, that would mean setting the encryption password every time the application runs. Which could potentially be several times a day. Right?
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
Originally posted by Bart Kummel:
(...snip...)I started out with when I decided to post the question here!(...snip...)
So I guess he won't have a hard time guessing which of the variables contains the password, the username and the URL. And if he manages to decompile the code, I think he will find the decryption password as well... This was the scenario
"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Originally posted by Bart Kummel:
@Pat
The database is not distributed on CD. .... The laptop itself is pretty good "locked down". Representatives do not have rights they do not need.
whether access is granted or not. I'm using a database connection, which needs a password. And I want to store that password in a safe way.
"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
And if he manages to decompile the code, I think he will find the decryption password as well...
Originally posted by James Clark:
There is no "decryption" password.
"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Originally posted by James Clark:
(...snip...)Hence, there is no "decryption" password.
SCJP 1.4 | SCJD 1.6 | Visit my website | Author of the book Apache MyFaces 1.2 Web Application Development
As you can understand, the reason for putting a copy of an entire database on the laptop is the requirement that it should be possible to use the application without any connection to the Internet or the company's network.
After all, you are saving me a lot of work, since I do not have to encrypt a password, but just passing on the password the user types.
It seems like I'm stuck in some academical discussion. I appreciate your willingness to help out, but honestly I don't think the last few post are of any practical use for my project. The long discussions about subtle differences in meanings of words are especially hard for me, since I'm not a native English speaker.
I think what I learned from the discussion is that I should not store a password on the laptop. The best thing would probably be to let the user type the password every time he starts the application.
Also someone suggested to use some webservice like construction for authentication, but that's not going to work. As you can understand, the reason for putting a copy of an entire database on the laptop is the requirement that it should be possible to use the application without any connection to the Internet or the company's network.
Anyway, thanks for you help. After all, you are saving me a lot of work, since I do not have to encrypt a password, but just passing on the password the user types.
Did you see how Paul cut 87% off of his electric heat bill with 82 watts of micro heaters? |