Saving application settings

Hi all,

I'm writing an online data backup application and I need to save two different types of data. First I need to store user details including a username and password for my server. This is so users have the option of using the application without having to type in their password each time. I am currently using a plain text file for this but was going to change over to the properties class (I don't want to use prefs as the app is platform independent and I don't want to use the registry in any way). Is there a way I can protect this data to at least make it hard for a hacker to get to?

Also I need to fairly regularly update the program from a database which it does not have direct access too with default locations for certain files, is their a better way to store this locally as right now I am using tab delineated strings in a plain text file and I am up to 8 tabs per line which allows for the possibility of users editing the file themselves incorrectly which could cause significant problems.


I have only been programming for 1 year so go easy on me

Edit: I forgot to mention that this app can be run portably from a pen drive so all files need to be stored in the application directory.

Hi, and welcome to the 'Ranch

You've stated that you don't want to use the Preferences API, because the application needs to be platform independant.
That in itself is not actually a reason for dismissing the Preferences API, because although the implementation behind the API uses platform specific storage, the API isolates you form that fact.

Anyway, I would forego comprimising security by storing the username / password combination on the client-side for the sake of an "enhanced" user experience.

The other problem with preferences is it does not let me choose where the info is stored. Since I need the app to be portable they must be stored in the same directory as my app.

As for saving passwords it probably is a good idea to leave it. I just liked the feature in the likes of skype .

Colin McTaggart wrote:The other problem with preferences is it does not let me choose where the info is stored. Since I need the app to be portable they must be stored in the same directory as my app.

I don't understand that at all. But perhaps I don't understand what you mean by "portable". All Java applications are "portable" in the sense that they run on different operating systems without having to be recompiled, but this certainly doesn't force them to store their working data in the same directory as the application. So you must have something else in mind.

When I say portable I mean self contained. For example I have two windows pcs a mac and an ubuntu box. My program needs to be able to sit in a folder on a pen drive and be able to run on each machine storing consistent settings. so the settings file must be in the install folder. It's similar to what you'll find on portableapps.com

Seems like a very insecure concept. What if you lost your usb pen?

The files being backed up are not private so it doesn't really matter. I cant say what I'm backing up though as I dont want someone copying my idea before I release it.

So can anyone help? I still need to figure out the best way to save my database. Is it possible to save to some kind of local database file in the installation directory? I am able to use SQL if this is relevant. Also it would be good if it ware not too easy to open up this database. The information is not too important but I don't want it to be easy to access so that most people wont bother.

HSQLDB and SQLite both support file-based storage. But you have a bigger problem. Officially you cannot retrieve the folder a JAR file is in. System.getProperty("user.dir") is not safe because it returns from where the JVM was started, and that can be a different folder. This question has come up before and I posted two workarounds; use our search to find these.

Actually it is my experience that if you specify no file path then java will find the file in the Jars directory. Right now I save to plain text and all I do is specify the name of the file and my app finds it so long as it is in the install directory so I don't think that will be a problem. That is unless I am missunderstanding something...

I'll look into HSQLDB and SQLite to see what's most suitable thanks for that.

Colin McTaggart wrote:Actually it is my experience that if you specify no file path then java will find the file in the Jars directory.

That's because when double clicking the current folder is (usually) set to the folder the JAR file is in. But I can use the command line and use "java -jar" to run the JAR file from a different folder, and then System.getProperty("user.dir") is not the folder the JAR file is in, nor does File work relative from that folder.

Sorry for the long wait, my car was written off so I've put this project on hold for the last two weeks till I sorted it out :S

This is fine. I'm not designing a command line utility anyway, its firmly aimed at people who will use it by double clicking. I can easily enough include a disclaimer saying that starting my app through the command line is not supported if I cannot find your workarounds that is...

Thanks for the help guys.

I hope you weren't hurt.

I'm fine, car stalled in flooding and the engine flooded, had to sit for 2 hours till someone could tow me out :S

Last time I tried that I had to walk 200 yards in icy water pushing it out of the floods. By the time I got it onto dry road, the engine had dried as well, so I was able to drive on. But the water got into the starter motor, which stopped working a few months later.

I'm bumping this topic as it seems to have slipped out of sight. I have narrowed my choices down to either HSQLDB or Derby for a database file. I am wondering which of these would be the hardest for someone to extract data from? The reason I'm asking is that it would be good if it were not too easy for someone else to copy my app in the future and use my database file. I dont think its possible to completely secure the database so I just want it to be difficult to copy.