Nov 22, 2009
Java App With Online Database

hype
I'm trying to create a Java application which will be able to perform CRUD with perhaps a MySQL database hosted online. However, I'm worried about security issues, including authentication and especially how the server would authenticate that the data is actually generated or sent by the Java application, not by someone who breaks into my application, changes the code and modifies the data that is being sent to the server and updated in the database.

Is there any form of authentication, or perhaps an alternative that can be used in Java, to perform such a process in a more secure way?

manish-mohania
QUOTE (hype @ Sep 24 2009, 03:00 PM)
I'm trying to create a Java application which will be able to perform CRUD with perhaps a MySQL database hosted online. However, I'm worried about security issues, including authentication and especially how the server would authenticate that the data is actually generated or sent by the Java application, not by someone who breaks into my application, changes the code and modifies the data that is being sent to the server and updated in the database.

Is there any form of authentication, or perhaps an alternative that can be used in Java, to perform such a process in a more secure way?


For Java-related security, please refer to:
1) SecurityManager Class
2) Java Policy Tool

You can restrict which IP address is allowed to access the database remotely.

Also, you can implement a user login feature to authenticate/authorize the user.

shadowx
Well, in theory you could send a token to the Java app from the server, perhaps just an MD5 of the current date/time, then have the Java app perform some modification, perhaps reversing the string or something like that, and send the token back with the SQL data. If the token doesn't meet the requirements (you would need to store the token the server sends out, then perform the same modification, e.g. reverse it, and compare the two), scrap the data and block the IP.

You could also program a token into the app itself, just so it sends a sort of "password" along with the SQL data that authenticates it.

Both methods are vulnerable to decoding the app and going through the resulting goo of code to find the method employed but if they can do that then your SQL data is in trouble anyway....

hype
QUOTE (manish-mohania @ Sep 24 2009, 07:25 PM)
For Java-related security, please refer to:
1) SecurityManager Class
2) Java Policy Tool

You can restrict which IP address is allowed to access the database remotely.

Also, you can implement a user login feature to authenticate/authorize the user.


Yea, I do have a login feature to authenticate the users. However, my scenario is as follows:

I have an application which users will use to gain credits in a credit system. After performing some task through the Java application, they will be entitled to some credits, and the application will inform the server about the amount to be credited and to whom it should be credited.

My problem is: what if someone decodes my application, finds the way in which the application communicates with the server, and then modifies the application so that he can always send his own desired amount of credits?

Would this be a definite problem for Java applications, or is there any workaround to it? Because it would be best if I could use Java for this particular application.


QUOTE (shadowx @ Sep 24 2009, 07:31 PM)
Well, in theory you could send a token to the Java app from the server, perhaps just an MD5 of the current date/time, then have the Java app perform some modification, perhaps reversing the string or something like that, and send the token back with the SQL data. If the token doesn't meet the requirements (you would need to store the token the server sends out, then perform the same modification, e.g. reverse it, and compare the two), scrap the data and block the IP.

You could also program a token into the app itself, just so it sends a sort of "password" along with the SQL data that authenticates it.

Both methods are vulnerable to decoding the app and going through the resulting goo of code to find the method employed but if they can do that then your SQL data is in trouble anyway....


Yea, this is a good idea, but as you said, if someone were to decode it, that would prove the security measures useless already. I was thinking about an applet, but it would result in the same outcome as well. A web application would not be that flexible, as the application would be restricted by the browser's limitations.

shadowx
I don't think there is a real way around this, unless you compile your application when the user requests it:

HTTP request for myapp.app
PHP/CGI/ASP application starts compiling myapp.app
PHP/CGI/ASP creates a custom "token" that is valid for 5/10/20 minutes and is logged in a log at the time it starts/expires
PHP/CGI/ASP is still compiling the code for the app so it inserts the custom token into the code and carries on compiling
myapp.app is ready to be used with its custom token
when the data comes in from the app the server checks its logs for the token which is also sent in to the server
If the log shows the token as expired the app reloads the page or gives an error or something
If the log shows the token as valid the data is sent on to the SQL database and what not.

This way each app only has a lifespan of a limited time. If you expect the user to use the app for an hour then make the token expire after 1:20 or something practical.

The limitation here is I don't know how/if it's possible to make a PHP/CGI/ASP script compile a Java app. I suspect it is, but I'm not 100% sure.

You could theoretically change the token into being the app name, so instead of "myapp.app" you get RANDOM_TOKEN.app

Have the app referenced in the HTML as a PHP page: app_src="app_create.php"

Then app_create.php makes a token up randomly, assigns an expiry time/date in a log somewhere and then sends out the app named as RANDOM_TOKEN.app (e.g. 144DFFGVR4DBD.app). Have the app transmit its own name with the data, and that can act as your token with no compiling needed. Just a bit of copy/rename/send of an app file.

hype
QUOTE (shadowx @ Sep 24 2009, 08:35 PM)
I don't think there is a real way around this, unless you compile your application when the user requests it:

HTTP request for myapp.app
PHP/CGI/ASP application starts compiling myapp.app
PHP/CGI/ASP creates a custom "token" that is valid for 5/10/20 minutes and is logged in a log at the time it starts/expires
PHP/CGI/ASP is still compiling the code for the app so it inserts the custom token into the code and carries on compiling
myapp.app is ready to be used with its custom token
when the data comes in from the app the server checks its logs for the token which is also sent in to the server
If the log shows the token as expired the app reloads the page or gives an error or something
If the log shows the token as valid the data is sent on to the SQL database and what not.

This way each app only has a lifespan of a limited time. If you expect the user to use the app for an hour then make the token expire after 1:20 or something practical.

The limitation here is I don't know how/if it's possible to make a PHP/CGI/ASP script compile a Java app. I suspect it is, but I'm not 100% sure.

You could theoretically change the token into being the app name, so instead of "myapp.app" you get RANDOM_TOKEN.app

Have the app referenced in the HTML as a PHP page: app_src="app_create.php"

Then app_create.php makes a token up randomly, assigns an expiry time/date in a log somewhere and then sends out the app named as RANDOM_TOKEN.app (e.g. 144DFFGVR4DBD.app). Have the app transmit its own name with the data, and that can act as your token with no compiling needed. Just a bit of copy/rename/send of an app file.


That might be a solution if the user must access the application from the website itself, which only opens the door to Java Applet and Java Web Start. An application that resides on the desktop would not work, which means I'm left with having the users download the application every time they use it.

I guess I'll think about it and maybe I'll use some manipulation of the tokens with some authentication. A banning system comes in handy too, but requires lots of monitoring.

Thanks for all the advice!

shadowx
If you want the app to reside on their desktop, have it download a "cookie", like a small text file, possibly encrypted, which contains a token made by the server (you could also just have the app request a token which it then stores in its own memory as a variable, hence it will be destroyed when the user closes the program). Again, have the token expire after a certain time and have the app send the token off each time.

That way the user has the Java app on their desktop but it requires the "key" or token, from the server before it can be used.

hype
QUOTE (shadowx @ Sep 24 2009, 09:03 PM)
If you want the app to reside on their desktop, have it download a "cookie", like a small text file, possibly encrypted, which contains a token made by the server (you could also just have the app request a token which it then stores in its own memory as a variable, hence it will be destroyed when the user closes the program). Again, have the token expire after a certain time and have the app send the token off each time.

That way the user has the Java app on their desktop but it requires the "key" or token, from the server before it can be used.


That sounds promising, but I think if the user edits the application in such a way that he doesn't touch the code where the application communicates with the server and alters only the data (credit) being sent to the server, everything would defeat its purpose.

The user can also make their own application which can download the token and send it to the server as well, right? Correct me if I'm wrong, I'm not too sure about all this stuff.

Something just struck me, how about generating an MD5 of the current application being used to prove the original application was used?

shadowx
"Something just struck me, how about generating an MD5 of the current application being used to prove the original application was used?"

Funny as it seems, I just thought of that too.

That would indeed solve the problem, I think....

You could have the app MD5 itself as it sends the data (perhaps MD5 the file myapp.app or whatever you call it) and that can then be the "key" that shows it is legit.

Though then someone could write their own app that just sends an MD5 hash that they made themselves from your file, and just send that off using their own app... So you would need some way of ensuring that the MD5 hash came from the program that is sending it; otherwise I could manually make an MD5 hash of your app, and then make my own app that sends the message md5="somehashq32353wed" credits="=1000000000000", and as far as your server can tell it is a legitimate request and I would get lots of credits...

This is a fairly tough one...

hype
QUOTE (shadowx @ Sep 24 2009, 09:30 PM)
"Something just struck me, how about generating an MD5 of the current application being used to prove the original application was used?"

Funny as it seems, I just thought of that too.

That would indeed solve the problem, I think....

You could have the app MD5 itself as it sends the data (perhaps MD5 the file myapp.app or whatever you call it) and that can then be the "key" that shows it is legit.

Though then someone could write their own app that just sends an MD5 hash that they made themselves from your file, and just send that off using their own app... So you would need some way of ensuring that the MD5 hash came from the program that is sending it; otherwise I could manually make an MD5 hash of your app, and then make my own app that sends the message md5="somehashq32353wed" credits="=1000000000000", and as far as your server can tell it is a legitimate request and I would get lots of credits...

This is a fairly tough one...


Yep, that's exactly what's troubling me. It's indeed a tough one; I'm still in search of a good solution to it. I guess I need to do some research on the web into the normal practices of others.
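
An added example, not part of any post in this thread and not the posters' code: the server side of the expiring, server-issued token shadowx describes, written in Java. It goes beyond the thread by also checking the amount against a per-token cap that the server sets itself, since, as hype notes, a valid token says nothing about the credits sent with it. The class, method and field names, the cap and the sample values are assumptions.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (Java 16+). All class, method and field names are hypothetical.
public class CreditTokenServer {

    /** What the server logs for each token it hands out. */
    record Issued(String user, Instant expires, int maxCredits) {}

    private final Map<String, Issued> log = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;

    CreditTokenServer(Duration lifetime) {
        this.lifetime = lifetime;
    }

    /**
     * Called after a successful login. The token is random, so the client
     * cannot predict it, and its expiry is recorded only on the server.
     * maxCredits is the most this task may earn, decided by the server
     * (an assumption; the thread does not describe such a cap).
     */
    String issueToken(String user, int maxCredits, Instant now) {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        log.put(token, new Issued(user, now.plus(lifetime), maxCredits));
        return token;
    }

    /** Decide whether a credit request that arrived with a token is applied. */
    String credit(String token, String user, int amount, Instant now) {
        Issued issued = (token == null) ? null : log.get(token);
        if (issued == null) {
            return "REJECT: unknown or already used token";
        }
        if (now.isAfter(issued.expires())) {
            log.remove(token);
            return "REJECT: token expired";
        }
        if (!issued.user().equals(user)) {
            return "REJECT: token was issued to another user";
        }
        // A valid token only shows that this user logged in recently. It says
        // nothing about the amount, so the amount is checked against the
        // server's own limit and never taken on trust from the client.
        if (amount < 1 || amount > issued.maxCredits()) {
            return "REJECT: amount outside the server-side limit";
        }
        // Single use: remove(key, value) is atomic, so of two concurrent
        // requests carrying the same token only one is applied.
        if (!log.remove(token, issued)) {
            return "REJECT: unknown or already used token";
        }
        return "ACCEPT: " + amount + " credits for " + user;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        Instant t0 = Instant.parse("2009-09-24T12:00:00Z");
        CreditTokenServer server = new CreditTokenServer(Duration.ofMinutes(20));

        String token = server.issueToken("alice", 10, t0);
        // Modified client: valid token, inflated amount.
        System.out.println(server.credit(token, "alice", 1_000_000, t0.plusSeconds(60)));
        // Unmodified client: amount within the limit.
        System.out.println(server.credit(token, "alice", 5, t0.plusSeconds(120)));
        // The same token sent a second time.
        System.out.println(server.credit(token, "alice", 5, t0.plusSeconds(180)));

        String late = server.issueToken("alice", 10, t0);
        // A token presented after its 20-minute lifetime.
        System.out.println(server.credit(late, "alice", 5, t0.plus(Duration.ofMinutes(30))));
    }
}
```

A rewritten client can still claim any amount up to the cap, so the cap has to come from what the server itself knows about the task.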
