  1. #1
    ramesh.8189 is offline Member

    developing a password vault

    Hey guys,
    I wish to develop a password vault in Java. Hopefully everyone knows what it is, and for those who don't know, let me explain.

    1. This tool is used in software companies providing services.
    2. When the client is in one place and the service engineer is in some remote place, the client can explain his problem through remote desktop sharing, i.e. the engineer can view the client's system through some software. But it requires a password from the client so that the engineer can enter it and get authenticated.
    3. In some cases the client is not willing to say the password, fearing it may be shared with someone else.
    4. Here comes the "password vault". This tool gets the password from the client and generates a serial no. for it. It locks the serial no. with this client so that this no. will not be provided to some other clients until the client's problem is cleared and the lock is released.
    5. Now I wish to know how to generate the serial no. randomly and also how to make this lock-release mechanism, i.e. not providing the serial no. to some other client when it's in use.

    Have a look at the illustration picture.

  2. #2
    Steve11235 is offline Senior Member

    This is more of a general design issue than a Java issue...

    Start with the problem. A client wishes an engineer to remote access the client computer. However, the client wants to verify the identity of the engineer before allowing access.

    I see a couple of things.

    First, the remote access software should *never* run on the client's computer unless the client manually starts it. No daemons or services. When the client manually starts the software, the software should confirm with the user that they meant to start it, possibly requiring the user to validate themselves against the local OS.

    This greatly limits the opportunity window for an intruder, since the software only runs when the client tells it to, and, presumably, the client knows not to run the software until the engineer requests them to, over the phone.

    Second, the engineer must prove that they are the one attempting to access the client system, once the client starts the software. The best way to do this is with third-party certificates. The certificate provider guarantees the identity of the engineer. This is standard stuff, used with Web pages and all sorts of things.

    Third, the communication between the engineer and the client should be encrypted, say with TLS (used to be SSL). This prevents session hijacking.

    I believe Java can do all these things, but they are really independent of the programming language.

    As far as passwords go, I suggest you avoid using them. They are simply too easy to compromise, usually by tricking a person into revealing them. Certificates are far better.

  3. #3
    ramesh.8189 is offline Member

    Classes and packages

    Thank you Steve,
    quite a good explanation. Can you tell me where I can get all the packages, their classes, interfaces and their methods introduced by Sun? I need this because I have some J2ME programs, but they didn't mention the import statement. So I need this detail to know which class comes under what package.

  4. #4
    Steve11235 is offline Senior Member

    That was Steve the System Architect talking. I don't have detailed knowledge of all those things.

    Here's what I do when I tackle these sorts of projects (and this is a fairly involved one).

    First, I do research. I start with Google and look for "java xxx", where xxx could be certificates, TLS, whatever. Much of the time, I find myself at the Sun Java Tutorial or in the API.

    I then do some simple prototypes for each piece of technology, just to see how it works. I would create a little application that does certificates, another that does TLS sockets, until I know how to work with the pieces.

    Then I do a design. Then I start coding.

    For me, that would take about three weeks of full-time effort, so I'm not saying to spend two years and write a thesis on what you learn. At the same time, what you want to do is not simple, so come up with a reasonable schedule and manage your boss' expectations.

  5. #5
    ramesh.8189 is offline Member

    Hey Steve,
    now I wish to develop an event handling code. A JFrame contains a button. On clicking that, the frame should disappear and a JApplet should appear. I used setVisible(false) in actionPerformed, which worked. The frame disappeared. But for making the applet appear I called the init method of the applet, but it didn't appear.

    Can you help?

    I successfully executed 'Frame->Frame transition' but 'Frame->Applet' or 'Applet->Applet' could not be done. Suggest me some solutions.

  6. #6
    Steve11235 is offline Senior Member

    Applets typically run in a browser...

  7. #7
    fishtoprecords is offline Senior Member

    Quote, originally posted by ramesh.8189:
    "3. In some cases the client is not willing to say the password, fearing it may be shared with someone else."

    The standard way to address this problem is to have the user/client set the password to a temporary value, tell it to the tech, use it, and then change it back to something strong.

    You can't design a system that does not require the user/client to enter a password. Well, you can have them enter a passphrase, or use a token or dongle, but it's really all the same. The client/user/operator has to enter a password.

    But if you want, you can automate the standard approach, create a program that creates a nonce, email it to the tech, and have the nonce only work for a short time (say 10 minutes).

    This is not without issues. You still have to let the tech know how to connect to the client's machine, find its TCP/IP address, get through NAT and corporate firewalls, etc.
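
The short-lived nonce suggested in the last post, which also covers the random serial number and lock/release asked about in the first post, as an added example that is not part of the thread. It assumes Java 16 or later; the class `OneTimeAccessCodes`, its methods and the client id are hypothetical names, and delivery of the code to the tech is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class: issues a short-lived, single-use code bound to one client.
public class OneTimeAccessCodes {
    private static final Duration TTL = Duration.ofMinutes(10); // lifetime suggested in the thread
    private record Entry(byte[] codeHash, Instant expires) {}
    private final SecureRandom rng = new SecureRandom();
    // clientId -> pending code; one entry per client is the "lock"
    private final ConcurrentHashMap<String, Entry> active = new ConcurrentHashMap<>();
    private final Clock clock;
    public OneTimeAccessCodes(Clock clock) { this.clock = clock; }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    // 128 bits from a CSPRNG; only the hash is kept, so a dump of the map reveals no usable code.
    public String issue(String clientId) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        active.put(clientId, new Entry(sha256(code), clock.instant().plus(TTL))); // replaces any older code
        return code;
    }

    // The entry is removed atomically before checking ("release"), so a code works at most
    // once and a wrong guess also consumes it instead of allowing repeated guesses.
    public boolean redeem(String clientId, String presented) {
        Entry e = active.remove(clientId);
        if (e == null || clock.instant().isAfter(e.expires())) return false;
        return MessageDigest.isEqual(e.codeHash(), sha256(presented)); // constant-time comparison
    }

    public static void main(String[] args) {
        OneTimeAccessCodes codes = new OneTimeAccessCodes(Clock.systemUTC());
        String code = codes.issue("client-42"); // constructed sample client id
        System.out.println("first use accepted:  " + codes.redeem("client-42", code));
        System.out.println("replay accepted:     " + codes.redeem("client-42", code));
    }
}
```

Passing a `Clock` into the constructor lets a unit test advance time past the 10-minute window without sleeping.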
