0

I've created a Java application that is basically an interface to a MySQL database. It helps organize and keep track of data. We are using it in my workplace with no problem - I have exported it from Eclipse as a jar file and given everyone a copy of this jar file.

Now we want to make this software available to other workplaces. The problem is that the URL, username, and password for the database are hardcoded in the application. I want to create a setup process for it so that when someone downloads it, they go through a wizard that downloads MySQL and sets up the database wherever they choose. The person can then distribute the jar file to everyone in their workplace without them having to do the setup, because everyone will be accessing the same database.

This process must save the database URL, username, and password somehow so that the people in the workplace can run the jar from whatever computer. This makes me think that they should be saved inside the jar... is a Properties file that I need? Can I put a Properties file inside the jar and allow it to be edited during the setup process?

Any guidance is greatly appreciated, I'm very new to this!

==================================================================================

EDIT: I think what I'm going to do now is let the user install MySQL and set up their database themself. As the answers below suggested, having this automatic might be more trouble than it's worth, as I would have to deal with everyone's different platforms, preferences for setting up the database, security concerns, etc. Once they do this, they will just download my jar file.

I've added a properties file to my jar file to store the database URL, username, and password. This file is initially empty, so when the user runs the jar for the first time, the program will attempt to access the properties file, see that it's empty, and prompt the user to enter this information. It will then extract the properties file from the jar, edit in their information, and stick the properties file back into the jar. Then, the person should be able to distribute the updated jar to their coworkers and they should all be able to open it without having to supply that information. I've got this part almost working. I'm also going to add the ability to "reconfigure" the program - in case the user moves their database - by calling the same method (they would again have to distribute the new version of the program).

Next I want to try securing the properties file somehow by encrypting it or obfuscating the code (although I think that only works for class files and not text files...?). My concern is that anyone in the workplace can unjar it and open the properties file, then use the URL, username, and password to access the database on their own and cause damage. Ideally, no one would be able to unjar it at all except for the program itself.

If anyone has other concerns about my method, please let me know!

FrancesKR
  • 1,200
  • 1
  • 12
  • 27
  • Search google and SO for "java password storage" and also have a look at http://stackoverflow.com/questions/7017688/what-is-the-best-practice-for-securely-storing-passwords-in-java – Java42 Feb 24 '13 at 01:45

4 Answers4

0

First, it would not be trivial to set up a database in a central location in a workplace so that it is accessible by different users. Also, there is the problem of the first user setting it up and then re-distributing the application to others.

Answering the technical questions - the easiest way would be to unjar to a known location, edit the properties file at that location, and then re-jar to a new file, perhaps with a suffix specific to that workplace.

Akber Choudhry
  • 1,755
  • 16
  • 24
  • Thanks, I'll look into this! What kind of problems do you think I would have trying to set up the database? Once the user specifies a location, I thought it would just be a few command line calls. And what problem is there with the first user setting it up and then redistributing it? If I do the re-jarring idea, couldn't I just get that first user to pass the new jar around on a USB, or put it also in a central location so that people can download it? – FrancesKR Feb 25 '13 at 03:17
  • Yes, it is all possible. Since I don't know the exact implementation details, I just thought it might be messy. Best of luck, and keep us posted. – Akber Choudhry Feb 25 '13 at 08:26
0

You could save the property file in a subdirectory of the user home directory, obtained by System.getProperty("user.home). Also, have a look at the Apache Commons Configuration library.

Werner Kvalem Vesterås
  • 10,226
  • 5
  • 43
  • 50
  • Would this only be accessible to the one person who's home directory it's in? I want a way for the properties of the program to be set, then for the same properties to apply for anyone in that workplace. – FrancesKR Feb 25 '13 at 03:12
0

Take a look at HSQLDB. It is a lighter weight db that is rely easy to setup. You can configure it to me the db if it doesn't exist and us it if it does. However, if you need something like MySQL and want to have many users connecting to it from different workstations, I would not recommend downloading and configuring it through an install process. There will be a lot of network and security concerns. As a side note a properties file is a good idea.

This is a link that explains some of the security concerns to think about. Also, thinking about this a little more, users might not have the necessary permissions to setup/configure a db server. It is probably safer/easier for you in the long run to allow them to set up the db server and have them put a properties file in your applications classpath.

As a side note, have you considered making this a web application? That could make things even simpler for you, people wouldnt have to download anything, and there would be no setup for most users.

Community
  • 1
  • 1
John Kane
  • 4,383
  • 1
  • 24
  • 42
  • I'm pretty committed to MySQL, as we've already it written the software that way and that's the system we have set up in my workplace. What kind of network and security concerns do you mean? – FrancesKR Feb 25 '13 at 03:14
  • When you set up a db server, there is typically a fair amount of setup to ensure that the data it is protecting is secure, especially when you would have to open up whatever computer it would be living on in some form for other users to access. I updated my answer with a link that can explain some of the reasons – John Kane Feb 25 '13 at 14:28
0

How do you deploy your Application?

If you're using Webstart, you could define your properties in your jnlp-File and access them with System.getProperties(...);

daniel
  • 3,166
  • 2
  • 17
  • 18