No security in Java

 
Ranch Hand
Hi,
Correct me if I am wrong. I am finding giving security to an application damn tough.

In an application, I need to get a password from the user and compare it with an encrypted password which is given in a flat file to the client. Well! I can decrypt the flat file and compare with the user input for authentication.
The catch is that if the user has the decrypted password, and the function by which I have encrypted (using a tool like JAD or MOCHA he can easily see the code, given a class file, for knowing the function), he can easily know the password.
Is there any tool (other than code obfuscation) to break the decompiling threat? If not, then where is security in Java?

Regards,
srini
 
High Plains Drifter
One solution would be not to store the password in the class at all -- treat it as a transient value that does not persist outside the life of the authentication mechanism.
There are a couple of frameworks out there that provide the kind of authentication scheme you might be looking for. Baltimore Technologies has one called JCrypto. There's also a Sun-sponsored API called JAAS (Java Authentication and Authorization Service) that you can download from java.sun.com.
That said, login authentication is not something a programming language would typically concern itself with. You'd use the language to write one, unless the language itself is also an application. Java's idea of security has to do with ensuring bytecode instructions can't be spoofed, classes can't be dumped out of the VM and arbitrarily replaced, and stuff like that.
------------------
Michael Ernest, co-author of: The Complete Java 2 Certification Study Guide

[This message has been edited by Michael Ernest (edited January 23, 2001).]
 
Greenhorn
Well, I think you mean data encryption. Java has an extension package, called Java Cryptography Extension (JCE), that I adopted 6 months ago in my project for data encryption. It has pretty rich algorithms by Sun to start off. I first used TripleDES and later adopted Password-based Encryption, which works a lot better in the user data encryption scenario in the project. Essentially it solves the key storage problem. Anyway, perhaps you should download the API and play with it.
Colin
 