This week's book giveaway is in the HTML Pages with CSS and JavaScript forum.
We're giving away four copies of Testing JavaScript Applications and have Lucas da Costa on-line!
See this thread for details.
Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Contstant String Encryption

 
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When a constant string is compiled to a class file, the entire string is copied into the class as plain text. This is a bit of a problem when one is storing server passwords inside a class. I was wondering if there is anyway around this problem.
 
author & internet detective
Posts: 40035
809
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul,
You can store the values in a properties file and encrypt them there.
 
Paul Houser
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I suppose that would be possible, I was just hoping not to write any encryption/decryption algorithms.
 
author and iconoclast
Posts: 24203
43
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're making it sound as if Java is different in this regard. I'm not aware of any programming language in which you could write the same code and not be able to recover the password from the compiled binary.

You shouldn't have to write any encryption/decryption code; Java's got extensive security APIs.
 
Ranch Hand
Posts: 15304
6
Mac OS X IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why are you hard coding passwords into your code in the first place? If you want, you could give us a run down of your project and maybe we can come up with a better solution for you that is more secure.

If not, what Ernest said.
 
Paul Houser
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well basically it's an online multiplayer Tetris game that connects to a mySQL database to store things like scores and collect "room" information. It needs a server password to connect to the database, and I don't want the password to be public because the same database stores user accounts.
 
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could just apply some hashing algorithm to each password before you store it. Then apply the same hashing algorithm to a newly entered password and only compare the hashed values.

Hashing could be quite simple - you could make each password up to the same length and then multiply each element by a different value, making it impossible to find the original password. There would be a very small chance that two passwords would hash to the same value but then you are not comparing them.
 
Paul Houser
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, I can do that. Just one other thing bothers me, though, even though I'll be packaging the program in a JAR, will someone be able to use the encryption class in their program?

Thanks a lot for everyone's help.
 
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are concerned about someone using the "encryption" class to decrypt the passwords, I don't think that's possible. What Eddie described is a "one-way" hash. There is no way to take the hash value and somehow derive the original password value.
 
Paul Houser
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're absolutely right. I don't know what I was thinking. I need to stop writing messages before drinking any coffee.
 
What kind of corn soldier are you? And don't say "kernel" - that's only for this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic