sorry to ask it...i know there are lots of question on SO regarding same but none of the techniques are not working.
I want to encrypt the jar or class so that no one can retrieve it.
Actually there is user name and password of server database in the application. So if anyone retrieve it then they can gain unauthorized access to the database.
I tried many software, and after creating exe file,it can be extracted easily.
so please tell me what can i do?
Asked
Active
Viewed 716 times
-2
Anil Saraswati
- 11
- 1
- 10
-
2Use a web service instead of connecting to the database directly. – Thallius Feb 03 '15 at 16:43
-
1You should neven put credentials in compiled code. Always pass them to the runtime as properties (environment variables or configuration or application parameters) – mwhs Feb 03 '15 at 16:44
-
Encrypt only the password. – Roman C Feb 03 '15 at 16:45
-
@RomanC: if he encrypts the password the symmetric key will need to be included in the jar file. Bad idea... – mwhs Feb 03 '15 at 16:47
-
@ClausBönnhoff how can i use web service..i have mysql database over server – Anil Saraswati Feb 03 '15 at 16:50
-
@mwhs Let em use asymmetric then, even better. – Roman C Feb 03 '15 at 16:50
-
@mwhs Actually i don't know much more about such type of configuration.So better try to explain it. – Anil Saraswati Feb 03 '15 at 16:51
-
@RomanC Please try to explain...i don't know any encryption technique...and how to use them..please – Anil Saraswati Feb 03 '15 at 17:01
-
You can encrypt a class file or a jar to avoid reverse engineering. As a bonus you'll also avoid running the code. – xehpuk Feb 03 '15 at 17:16
-
@RomanC asymmetric encryption is also a bad idea in this case. – mwhs Feb 04 '15 at 10:09
2 Answers
1
You could use a property file. You externalize it out of your jar. And retrieve the informations via a "getResourceAsStream" or something like that.
The second solution is to use a JNDI configuration, so in your jar you just define a name, and the web server declare all the properties of your connection.
vincent
- 1,214
- 12
- 22
-
please explain it with a example...It sounds like good...but what should i write in properties file and in which format.. Don't know about JNDI configuration..so please explain it also. – Anil Saraswati Feb 03 '15 at 16:57
-
http://stackoverflow.com/questions/4085420/how-do-i-read-a-properties-file-and-connect-a-mysql-database If you use spring, it could be easier, and don't forget to add your file to your classpath. And for JNDI, it depends on your application server, so i let you search, here are some information for tomcat http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html – vincent Feb 03 '15 at 17:06
-
if i will put the user name and password in either .properties or .config then it would be easily opened from notepad.So i think it will not be sufficient for hiding the confidential data or encrypting it. – Anil Saraswati Feb 03 '15 at 17:11
-
it will be a file somewhere on your server, but you can share the jar without sharing the login/pwd. May be you can encrypt it. Make a quick search on 'externalize jdbc properties' – vincent Feb 03 '15 at 18:04
-1
I got the solution:
ProGuard is the best software to safe the class or jar from reverse engineering.
After using it, if anyone will try to decrypt it then he will not able to understand it because it has been changed to new one.
Anil Saraswati
- 11
- 1
- 10
-
As @vincent said, your approach is not a good one to solve the problem. and from the ProGoard site: "Making programs and libraries harder to reverse-engineer." that does not seem to be safe imho. – Arne Burmeister May 17 '15 at 14:21