Security for an application

 
Ranch Hand
Posts: 133
Hello everyone, I have a Java program which reads an XML file which can contain sensitive data such as user passwords. The XML file is part of the application and the user can update it through a small program I've written (sensitive information uses a passworded text field).
The problem I have is this: since the program is installed to a user's directory, how can I somehow make the XML file unreadable to anyone, including the person who has installed the program, but also make it possible to read the contents of the file from the program if the need arises?
 
(instanceof Sidekick)
Posts: 8791
You may be interested in encryption or cryptography. HERE is a Sun Tutorial. Frankly the first page was pretty confusing and I don't know if it gets any better as it goes.

Encrypted strings could easily contain special characters that an XML parser won't like, so you will probably have to look into escaping the encrypted data.

A very low level of security is to do your own encryption or scrambling on just the password. Any expert hacker would be able to undo anything you or I thought up in short order, but it tells an honest friend where the limits of civil behavior are. Store the encrypted password only, and when the user enters a password encrypt it and compare it to what's been stored.
 