Results 1 to 5 of 5
Thread: Password hiding
LinkBack URL
About LinkBacks- 03-03-2009, 08:51 PM #1
Member
- Join Date
- Mar 2009
- Posts
- 2
- Rep Power
- 0
Password hiding
Hi, it's my first post :)
I need help: I did an FTP client to connect to a server, but I neeed to put username and password in the very code. Now I'm afraid that someone might de-compile the jar and obtain such passwords and logins. I've tried using pro guard 4.2 to obfuscate the code, but was unable to build something useable.
Any tip? I'm using netbeans 6.5
- 03-03-2009, 09:03 PM #2
Moderator
- Join Date
- Feb 2009
- Location
- New Zealand
- Posts
- 4,547
- Rep Power
- 11
Yes: rethink whether it's really true that you "neeed to put username and password in the very code". This is the code equivalent of putting the key to your front door under the door mat.Any tip?
(1) If your statement about the need is false, then don't do it. Don't put the key under the door mat.
(2) If your statement is true and you need to do this, then that's it: just do it. Better yet don't bother with the username/password: it saves bending to just leave the front door wide open.
- 03-04-2009, 12:08 AM #3
Member
- Join Date
- Mar 2009
- Posts
- 2
- Rep Power
- 0
you are clearly right
but I guess I have no other way around. I need this FTP client to send pictures on the server, a friend of mine asked for it. He wants to give this program to his customers, so that they can send him the pictures to print.
But if I have to use FTP I need the username and password to logon to the server. I guess I'll have to just convert the .jar to .exe to make de-compilation more difficult: I talked about this issue with him and he was not worried about it. I mean, we live in a place where many people have problems just turning on the PC, I don't think anyone would ever think about obtaining the data to log on his website and do some damage. Even then, for what he keeps in there, I don't think there will be too much damage.
Still, it's not a good thing to do
- 03-04-2009, 02:35 AM #4
Senior Member
- Join Date
- Jan 2009
- Location
- Javaland
- Posts
- 742
- Rep Power
- 5
i agree w/ pbrockway2, but if you're in a jam how about this...
String user = "128123897123987";
String pass = "238447658923412";
ftpServer.connect(decode(user), decode(pass));
now you still have to worry about the decode() method being decompiled... or network sniffing.USE CODE TAGS--> [CODE]...[/CODE]
Get NotePad++ (free)
- 03-04-2009, 08:25 AM #5
Senior Member
- Join Date
- Sep 2008
- Posts
- 564
- Rep Power
- 5
encrypt using SHA-1 hash (or MD5). Any password can be cracked, so there's no reason to stray from using tools that are ready to use:
MessageDigest (Java 2 Platform SE v1.4.2)
Reply With QuoteSimilar Threads
-
URL Hiding
By sandeeprao.techno in forum Advanced JavaReplies: 4Last Post: 11-20-2008, 12:55 PM -
how to check password for 3 times enterd wrong password
By sk.mahaboobbhasha@gmail.c in forum New To JavaReplies: 2Last Post: 11-14-2008, 07:53 PM -
how to check password for 3 times enterd wrong password
By sk.mahaboobbhasha@gmail.c in forum Java ServletReplies: 0Last Post: 11-14-2008, 01:22 PM -
How to check password of a jsp/html with the password of Database(mysql) #1
By sk.mahaboobbhasha@gmail.c in forum Java ServletReplies: 2Last Post: 11-14-2008, 01:11 PM -
Hiding parameters from URL
By Saurabh321 in forum New To JavaReplies: 0Last Post: 02-05-2008, 12:43 PM
Bookmarks