Results 1 to 5 of 5

Thread: Password hiding

  1. #1
    C.A.B.A.L. is offline Member
    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    Default Password hiding

    Hi, it's my first post :)
    I need help: I did an FTP client to connect to a server, but I neeed to put username and password in the very code. Now I'm afraid that someone might de-compile the jar and obtain such passwords and logins. I've tried using pro guard 4.2 to obfuscate the code, but was unable to build something useable.
    Any tip? I'm using netbeans 6.5

  2. #2
    pbrockway2 is offline Moderator
    Join Date
    Feb 2009
    Location
    New Zealand
    Posts
    4,565
    Rep Power
    12

    Default

    Any tip?
    Yes: rethink whether it's really true that you "neeed to put username and password in the very code". This is the code equivalent of putting the key to your front door under the door mat.

    (1) If your statement about the need is false, then don't do it. Don't put the key under the door mat.

    (2) If your statement is true and you need to do this, then that's it: just do it. Better yet don't bother with the username/password: it saves bending to just leave the front door wide open.

  3. #3
    C.A.B.A.L. is offline Member
    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    Default

    you are clearly right
    but I guess I have no other way around. I need this FTP client to send pictures on the server, a friend of mine asked for it. He wants to give this program to his customers, so that they can send him the pictures to print.
    But if I have to use FTP I need the username and password to logon to the server. I guess I'll have to just convert the .jar to .exe to make de-compilation more difficult: I talked about this issue with him and he was not worried about it. I mean, we live in a place where many people have problems just turning on the PC, I don't think anyone would ever think about obtaining the data to log on his website and do some damage. Even then, for what he keeps in there, I don't think there will be too much damage.
    Still, it's not a good thing to do

  4. #4
    angryboy's Avatar
    angryboy is offline Senior Member
    Join Date
    Jan 2009
    Posts
    742
    Rep Power
    6

    Default

    i agree w/ pbrockway2, but if you're in a jam how about this...
    String user = "128123897123987";
    String pass = "238447658923412";
    ftpServer.connect(decode(user), decode(pass));

    now you still have to worry about the decode() method being decompiled... or network sniffing.
    USE CODE TAGS--> [CODE]...[/CODE]
    Get NotePad++ (free)

  5. #5
    emceenugget is offline Senior Member
    Join Date
    Sep 2008
    Posts
    564
    Rep Power
    6

    Default

    encrypt using SHA-1 hash (or MD5). Any password can be cracked, so there's no reason to stray from using tools that are ready to use:

    MessageDigest (Java 2 Platform SE v1.4.2)

Similar Threads

  1. URL Hiding
    By sandeeprao.techno in forum Advanced Java
    Replies: 4
    Last Post: 11-20-2008, 12:55 PM
  2. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum New To Java
    Replies: 2
    Last Post: 11-14-2008, 07:53 PM
  3. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 0
    Last Post: 11-14-2008, 01:22 PM
  4. How to check password of a jsp/html with the password of Database(mysql) #1
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 2
    Last Post: 11-14-2008, 01:11 PM
  5. Hiding parameters from URL
    By Saurabh321 in forum New To Java
    Replies: 0
    Last Post: 02-05-2008, 12:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •