Encrypting properties File Parameter and updating !!!

 
Dushyant Bhardwaj
Greenhorn
Posts: 28
Dear All,
I'm working on a problem where my DB name,
user, PWD etc. are stored in a properties file.
My Java application reads the properties file and connects to the DB.
This is how the entries look in the props file:

SID=ora82
DB_PORT=1521
USER_NAME=TEST
PWD=TEST

Now I want to encrypt the values of the parameters and update my
properties file.
The next time my application reads the properties file, it decrypts the
values and connects to the DB.

How do I go about this?
Any hint will be highly appreciated.

Thanks in advance.
Dushyant Bhardwaj
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
Sun has encryption implementations: http://java.sun.com/products/jce/index.jsp

Haven't used em personally. Let me know if they work out for you!
 
Dushyant Bhardwaj
Greenhorn
Posts: 28
Dear Stan,
Thanks for your hint. I have explored JCE and am able to
come up with a solution for encryption.
My next question is how to update my properties file.

Approach1:
Read Properties file -> Encrypt specific values -> Write again all
the values in the same Properties File

Approach2:

Read Properties file_temp -> Encrypt specific values -> Write all
the values in another Properties File_to_be_used

Approach1 looks a little difficult because it will require reading/writing
in the same file.

Thanks in advance.
Dushyant Bhardwaj
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
With encryption you have to ask how safe you want to be, exactly who you are trying to keep out. For common folk, you might get away with the old XOR trick or character substitution for encryption and you could write those yourself. It will be a lot harder to thwart someone who is willing to decompile your code and figure out how you did the encryption.

As for rewriting the same file, I just put a suggestion in another post about "updating files" in this forum.
 
Samuel M. F. Jackson
Greenhorn
Posts: 2
One thing to keep in mind is that even though the values are encrypted in the new file, someone can decompile your app code, look for the key, and decrypt the properties file themselves.

A couple of ways to mitigate this are:
1) to maintain control over the deployment of the code -- make your app a web app to keep your code/the keys out of the 'bad guys' hands

2) to make each version of your code that gets deployed have a different unique key, that way a 'bad guy' with one of the keys can't easily decode properties files for other deployments

As for handling the properties file, I'd recommend #2 -- keep one unencrypted for reference, since if you corrupt the encrypted one, you would have to rewrite it from scratch.

For a reference book, I found Jonathan Knudsen's book Java Cryptography very helpful.

--------------------

Fluidlogic™ Service Abstraction & Command Processor framework makes J2EE optional
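
An added example, not code from any poster in this thread: the flow discussed above (read the properties, encrypt only the sensitive values with JCE, write the result to a separate file and rename it into place), with the key supplied from outside the code so that decompiling the application does not reveal it. AES-GCM is this example's choice, since the thread names only JCE. The environment variable `PROPS_KEY_B64`, the `{enc}` value prefix and the file name `db.properties` are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;

public class EncryptProps {
    static final String PREFIX = "{enc}";                      // marks an encrypted value (assumption)
    static final Set<String> SECRET = Set.of("USER_NAME", "PWD");

    static String encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                      // fresh nonce for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // stored form: iv || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return PREFIX + Base64.getEncoder().withoutPadding().encodeToString(out);
    }

    static String decrypt(SecretKey key, String stored) throws Exception {
        if (!stored.startsWith(PREFIX)) return stored;         // plain value such as SID or DB_PORT
        byte[] in = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8); // throws if tampered
    }

    public static void main(String[] args) throws Exception {
        String b64 = System.getenv("PROPS_KEY_B64");           // hypothetical name; key lives outside the code
        SecretKey key;
        if (b64 != null) key = new SecretKeySpec(Base64.getDecoder().decode(b64), "AES");
        else { KeyGenerator g = KeyGenerator.getInstance("AES"); g.init(128); key = g.generateKey(); } // demo only
        Properties p = new Properties();                       // constructed sample: the entries from the first post
        p.load(new StringReader("SID=ora82\nDB_PORT=1521\nUSER_NAME=TEST\nPWD=TEST\n"));
        for (String k : SECRET)                                // skip values that are already encrypted
            if (!p.getProperty(k).startsWith(PREFIX)) p.setProperty(k, encrypt(key, p.getProperty(k)));
        Path tmp = Files.createTempFile(Paths.get("."), "db", ".tmp");
        try (OutputStream os = Files.newOutputStream(tmp)) { p.store(os, "encrypted"); }
        Files.move(tmp, Paths.get("db.properties"), StandardCopyOption.REPLACE_EXISTING);
        Properties q = new Properties();                       // what the application does on its next start
        try (InputStream is = Files.newInputStream(Paths.get("db.properties"))) { q.load(is); }
        System.out.println(q.getProperty("PWD") + " -> " + decrypt(key, q.getProperty("PWD")));
    }
}
```

Because the new file is written completely before it replaces the old one, a failure during the write leaves the existing `db.properties` untouched.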
 
Dushyant Bhardwaj
Greenhorn
Posts: 28
Hi,
Thanks all for your suggestions.

Regards,
Dushyant Bhardwaj
 