 |
|
Index ‹ java-programmer
|
- Previous
- 2
- Filechooser appearanceI am using Netbeans. I need a JFileChooser to pop up in it's own
window, but i'm not sure how to make this happen. i'm new to java gui
programming. could someone please point me in the direction of (or
just provide) a clear-cut example of how to do this, as I can' seem to
find one?
- 2
- Another exception handling question
public void myMethod (String name){
if(!condition1){
throw new IllegalArgumentException("A message ");
}
if(!condition2){
throw new IllegalArgumentException("Another mesage");
}
}
When I call myMethod I want to distinguish between the different
reasons for the same exception. Is it better to make my own
exception ? What is my good practice?
cheers,
//mike
- 2
- Java application for GPRS connectionI need to manage the GPRS connection (set up the connection, connect
and disconnect) in a symbol handheld device with Windows Mobile 5. I'm
developing this application with Java 1.3 and using IBM J9 as jvm. How
can I deal with this?
Many Thanks
- 3
- card shuffling errorI am relatively new to java programming and I am working on a card
project for school. I had finished and tested every method with error
in my Deck class. However, in the time it took to pick up dinner it is
now producing errors. I would greatly appreciate anyone input and help.
This is the error that is produce when invoking the shuffle method.
java.lang.IndexOutOfBoundsException: Index: 235, Size: 51
at java.util.ArrayList.RangeCheck(ArrayList.java:546)
at java.util.ArrayList.get(ArrayList.java:321)
at Deck.swap(Deck.java:176)
at Deck.shuffle(Deck.java:129)
public class Deck
{
/** The number of cards in a deck */
public static final int DECK_SIZE = 52;
/** The number of times to shuffle */
public static final int TIMES_TO_SHUFFLE = 1000;
private ArrayList deck; // a deck of cards
/**
* Constructor for objects of class Deck
*/
public Deck()
{
deck = new ArrayList();
newDeck();
}
/**
* Load a new deck with all DECK_SIZE cards
*/
public void newDeck()
{
if (deck.size() > 0){
deck = null;
}
else{
//Hearts
deck.add(new Card("Ace","Hearts",11));
deck.add(new Card("Two","Hearts",2));
deck.add(new Card("Three","Hearts",3));
deck.add(new Card("Four","Hearts",4));
deck.add(new Card("Five","Hearts",5));
deck.add(new Card("Six","Hearts",6));
deck.add(new Card("Seven","Hearts",7));
deck.add(new Card("Eight","Hearts",8));
deck.add(new Card("Nine","Hearts",9));
deck.add(new Card("Ten","Hearts",10));
deck.add(new Card("Jack","Hearts",10));
deck.add(new Card("Queen","Hearts",10));
deck.add(new Card("King","Hearts",10));
//Diamonds
deck.add(new Card("Ace","Diamonds",11));
deck.add(new Card("Two","Diamonds",2));
deck.add(new Card("Three","Diamonds",3));
deck.add(new Card("Four","Diamonds",4));
deck.add(new Card("Five","Diamonds",5));
deck.add(new Card("Six","Diamonds",6));
deck.add(new Card("Seven","Diamonds",7));
deck.add(new Card("Eight","Diamonds",8));
deck.add(new Card("Nine","Diamonds",9));
deck.add(new Card("Ten","Diamonds",10));
deck.add(new Card("Jack","Diamomds",10));
deck.add(new Card("Queen","Diamonds",10));
deck.add(new Card("King","Diamonds",10));
//Spades
deck.add(new Card("Ace","Spades",11));
deck.add(new Card("Two","Spades",2));
deck.add(new Card("Three","Spades",3));
deck.add(new Card("Four","Spades",4));
deck.add(new Card("Five","Spades",5));
deck.add(new Card("Six","Spades",6));
deck.add(new Card("Seven","Spades",7));
deck.add(new Card("Eight","Spades",8));
deck.add(new Card("Nine","Spades",9));
deck.add(new Card("Ten","Spades",10));
deck.add(new Card("Jack","Spades",10));
deck.add(new Card("Queen","Spades",10));
deck.add(new Card("King","Spades",10));
//Clubs
deck.add(new Card("Ace","Clubs",11));
deck.add(new Card("Two","Clubs",2));
deck.add(new Card("Three","Clubs",3));
deck.add(new Card("Four","Clubs",4));
deck.add(new Card("Five","Clubs",5));
deck.add(new Card("Six","Clubs",6));
deck.add(new Card("Seven","Clubs",7));
deck.add(new Card("Eight","Clubs",8));
deck.add(new Card("Nine","Clubs",9));
deck.add(new Card("Ten","Clubs",10));
deck.add(new Card("Jack","Clubs",10));
deck.add(new Card("Queen","Clubs",10));
deck.add(new Card("King","Clubs",10));
}
}
/**
* Add a single card to the deck.
* @param a Card object
*/
public void addCard(Card newCard)
{
// add a card to the deck
deck.add(newCard);
}
/**
* Shuffle the deck. This involves selecting random pairs of
* cards and swapping them, the number of times to swap determined
* by the constant TIMES_TO_SHUFFLE.
*/
public void shuffle()
{
//Zero the deck vector
deck.removeAllElements();
int index1 ,index2;
for (int i = 0; i < DECK_SIZE ; i++) {
index1 = (int)(Math.random()*TIMES_TO_SHUFFLE);
index2 = (int)(Math.random()*TIMES_TO_SHUFFLE);
swap (index1, index2);
}
}
/**
* Display the entire contents of the deck. Not used in the
* game but useful for debugging.
*/
public void showDeck()
{
Iterator it = deck.iterator();
while(it.hasNext()) {
Card currentCard = (Card) it.next();
System.out.println(currentCard);
}
}
/**
* Remove the top card from the deck.
* @return the Card object removed or null if there is nothing in
the deck.
*/
public Card takeCard()
{
int index = 0;
if (index >= deckSize()) {
return null;
}
else{
return (Card) deck.remove(0);
}
}
/**
* Return size of deck
*/
public int deckSize()
{
return deck.size();
}
/**
* Card Swap method
*/
public void swap(int index1, int index2) {
Card temp = (Card)deck.get(index1);
deck.set(index1, deck.get(index2));
deck.set(index2, temp);
}
/**
* Methods returns card index and card description - testing
purpose
*/
public void displayCardIndex()
{
for (int index = 0; index < deckSize(); index++)
{
System.out.println("Index: " + index + " Card : " +
deck.get(index));
}
}
}
- 3
- 9
- IO ExceptionHi,
I have a Java application which takes in either the server name or IP
address, domain name, user name and password, and copies the files
from the specified server directory to the local C drive.
It works perfectly fine when I run this on my local m/c and I can use
either the server name or the server IP address.
But when I move the jar file to a different workstation and execute it
I get an IO exception - 'Source file does not exist' when I specify
the server using its IP address. It still works on a different
workstation when I pass the server name.
Any clue as to why should it happen?
Thanks,
Beena
- 10
- Help with writing simple parser for HTML/XMLI'm having trouble getting started with coding a simple parser and prototype
for my application.
The parser needs to parse HTML & XML pages to strip the tags and return just
the data. Ive read thru sevral java refeerence books but seem to be having
trouble getting started with the code.
I'd be gratefull for a push in the right direction.
thanks
sal
ps this is my final year University Computer Science project
for more details on the project
http://www.mellowmoose.org/project.html
- 12
- draw line position - networkingThe code bellow will enable users to scrible anything on a canvas. Now
what I intend to do is to create a vector object for every position
(pre_x,pre_y,x, y) of the lines drawn on the canvas and send it using
a socket connection to a remote server.
public void mouseDragged(MouseEvent e)
{
if(isButtonPressed==true)
{
pre_x=e.getX()+scrollbarH_value;
pre_y=e.getY()+scrollbarV_value;
isButtonPressed=false;
}
x=e.getX()+scrollbarH_value;
y=e.getY()+scrollbarV_value;
offscreenImageG.drawLine( pre_x, pre_y, x, y);
pre_x=x;
pre_y=y;
repaint();
e.consume();
message.setText(pre_x + ":" + pre_y + ":" + x + ":" + y);
}
Is my apporach considered to be feasible?. Any other ways?
Regards.
- 12
- JspException in custom tagHello,
Can someone show me the error of my ways.....
I have a custom tag 'public int doStartTag() throws JspException' from
which a JspException is thrown. The exception is forwarded to an JSP
error page and from there I want to (eventually) shove the contents of
the exception into a javabean.
My javabean is set up as follows:
public class errorBean
{
Throwable errorObject = null;
String errorMessage = null;
public void setErrorObject(Throwable errorObject)
{
this.errorObject = errorObject;
errorMessage = errorObject.getMessage();
}
public String getErrorMessage()
{
return errorMessage;
}
} //errorBean
My JSP error page looks like:
<%@ page isErrorPage="true" %>
<html>
<body>
<jsp:useBean id="errorBean" class="errorBean"/>
<jsp:setProperty name="errorBean" property="errorObject"
value="${pageContext.errorData.throwable}"/>
The error message is <jsp:getProperty name="errorBean"
property="errorMessage"/>
</body>
</html>
When I throw an exception like 'throw new JspException("Hello World")'
in my custom tag,
everything seems to work i.e. "Hello World" shows up in my Mozilla &
Netscape browser.
When I throw an exception like 'throw new JsPException("Hello
World",throwableObject)
where throwableObject subclasses Throwable, I get a 'http status 500'
error, but the browser clearly displays as part of a stack trace (?)
the exception "Hello World" as well as the root cause.
Why would this work in one case ('throw new JspException("Hello
World")' and other
('throw new JsPException("Hello World",throwableObject)) fail to
display "Hello World"?
Thnaks for any help.
- 13
- benchmarks? java vs .netJon Skeet [C# MVP] wrote:
> On Jun 3, 4:39 pm, Jon Harrop <email***@***.com> wrote:
>> FWIW, F#/Mono is 3x slower than F#/.NET on the SciMark2 benchmark. I'd like
>> to know how performance compares between these platforms for parallel code.
>
> If Razii is genuinely comparing Java with Mono (I haven't looked at
> any of the figures) it's a silly test to start with (unless you're
> specifically interested in Mono, of course). The vast majority of C#
> code runs on .NET rather than Mono - and while I applaud the Mono
> team's work, I seriously doubt that it has quite has much effort going
> into it as Microsoft is putting into .NET. I'd expect .NET to
> outperform Mono, and on microbencharks like these the difference could
> be quite significant in some cases.
I have frequently seen a x2 factor between MS .NET 2.0 and Mono 1.2 !
Comparing with Mono is too easy.
Arne
- 13
- Where in the language is ".class"?Where in the Java language specification or API is the idiom
"Foo.class" defined? It's not an attribute of any class I can find,
and I can't find it in the core language specification.
Thanks.
- 15
- googling google persistance using google apiI've been over to <http://www.google.com/apis/> and downloaded
GoogleAPIDemo.java, which is much simpler than expected. I'd like to
save the query results to a file. I'm thinking that each query result
could almost be apended to an XML file, this seems the most natural and
easiest approach.
However, I'm, err, not finding anything on google about doing so. I
know that the demo uses SOAP and I know that I know nothing about SOAP
and have no real interest in learning about SOAP at this time.
However, I believe that SOAP is good for communicating with databases,
yes?
I've been over to <http://www.w3.org/TR/soap/> which led me to:
Abstract
SOAP is a lightweight protocol for exchange of information in a
decentralized, distributed environment. It is an XML based protocol
that consists of three parts: an envelope that defines a framework for
describing what is in a message and how to process it, a set of
encoding rules for expressing instances of application-defined
datatypes, and a convention for representing remote procedure calls and
responses. SOAP can potentially be used in combination with a variety
of other protocols; however, the only bindings defined in this document
describe how to use SOAP in combination with HTTP and HTTP Extension
Framework.
which all sounds very nice but it seems like I'd have to buy a book to
get it working. There's lightweight, then there's lightweight, if you
get my meaning, and I think that SOAP is bit not-lightweight for my
purposes. I would like an XML file with something like (please forgive
my atrocious XML):
<result>
<www.whatever.com />
<some text here />
</result>
<result>
<www.foo.com />
<different text here />
</result>
<result>
<www.bar.com />
<text on bar here />
<result>
Or something along those lines, which mirrors whatever google gives the
demo. However, I can't find something ready-made for creating such a
file, which surprises me. I'm looking for something relatively easy
which I can put together with the demo to save some results to file,
such that the results can be put into a database at a later time.
However, my google results are less than stellar. How do people
save/persist their google results?
My personal computer is broken at the moment, so this all hypothetical.
I haven't compiled the demo yet, never mind modifying it.
thanks,
Thufir
- 16
- Did anyone upload file to php server by using swing applet before? Need help!!!Hi,
I need a help. Recently I wrote a swing applet for uploading files to
php server. It seems that everything is fine now. I can get the exactly
same size files in the server. For text file, there is no any problem
to be openned. But for image and moive files (such as .jpeg, .gif .mov
and etc.), those files can not be openned after they are uploaded to
sever even the size is exactly the same as orignal files.
I think that it should be caused by "Content-Type".
For testing, I change my Content-Type to "image/gif" to send gif files.
However, the problem is still there. Now, I have no idea about this
problem. Could any one give me a favor? Thanks in advance!!!
I attached the code related to connection and sending data here for
your review.
public boolean upload() throws Exception{
boolean done = false;
String file_name = file.getName();
String file_data = readFile();
StringBuffer response = new StringBuffer("");
OutputStream os = null;
BufferedReader in = null;
HttpURLConnection conn = null;
try{
URL serverURL = new URL(url);
// connect to server
URLConnection uc = serverURL.openConnection();
conn = (HttpURLConnection) uc;
conn.setAllowUserInteraction(true);
conn.setInstanceFollowRedirects(true);
// set connection as POST
conn.setRequestMethod("POST");
conn.setDoOutput(true); // turns it into a post
// setup headers
conn.setRequestProperty(
"Content-Type",
"multipart/form-data; boundary=" + CONTENT_BOUNDARY);
conn.setRequestProperty("Accept-Language", "en-us");
conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
conn.setRequestProperty("CACHE-CONTROL", "no-cache");
os = conn.getOutputStream();
String request =
"--"
+ CONTENT_BOUNDARY
+ "\r\n"
+ "Content-Disposition: form-data; name=\"upfile\"\r\n\r\n"
+ file_name
+ "\r\n"
+ "--"
+ CONTENT_BOUNDARY
+ "\r\n"
+ "Content-Disposition: form-data; name=\"upfile\"; filename=" +
file_name
+ "\r\nContent-Type: multipart/form-data\r\n\r\n"
+ file_data //file is read into a string here, is it OK? But no
other choose.
+ "\r\n"
+ "--"
+ CONTENT_BOUNDARY
+ "\r\n";
System.out.println("DEBUG: Sending the following request:\n\r" +
request);
System.out.println("DEBUG: Sending the post request...\n\r");
os.flush();
os.write(request.getBytes(), 0, request.getBytes().length);
os.flush();
in = new BufferedReader(new
InputStreamReader(conn.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
// closing connections
in.close();
in = null;
os.close();
os = null;
conn.disconnect();
conn = null;
done = true;
- 16
- Handling of DST in javaHi,
Does java handle DST automatically ?
I'm using java Gregorian calendar to get the time/date. Does this
automatically give the local time/date iirrespective of DST or special
handling should be done ?
- 16
- the best way to store program setupHello,
What is the best way to store program configuration settings? Each
class has its own parameters that might be useful just for current
class. There are some parameters that might be useful in whole
program. Probably main class could have confifiguration for whole
program, but how I could access them from class that is inside main
class?
Thank you
|
| Author |
Message |
yvashchenko
|
 Posted: 2004-9-29 18:48:00 |
Top |
java-programmer, Java security
I havean applet that connects to Oracle osing the thin client. It
works when run from IDE. When I try to load it into a web browser I
get
java.security.AccessControlException: access denied
(java.util.PropertyPermission oracle.jserver.version read)
What's up?
|
| |
|
| |
|
Robert Klemme
|
| Posted: 2004-9-29 22:58:00 |
Top |
java-programmer >> Java security
"yvashchenko" <email***@***.com> schrieb im Newsbeitrag
news:email***@***.com...
> I havean applet that connects to Oracle osing the thin client. It
> works when run from IDE. When I try to load it into a web browser I
> get
>
> java.security.AccessControlException: access denied
> (java.util.PropertyPermission oracle.jserver.version read)
Applets are only allowed to contact the server they originated from unless
they are signed. It's generally not a good idea to write an applet that
uses JDBC directly. Rather communicate with the server and have him do
the DB work. You can make your life easier by using serialized data for
the communication. That way the parsing is done for you.
robert
|
| |
|
| |
|
yvashchenko
|
| Posted: 2004-9-30 17:19:00 |
Top |
java-programmer >> Java security
Robert
Danke shoen,
But could you explain the fact that I can run the very same applet
from IDE (IntelligIdea)? Apparently it means that this is possible
somehow.
The problem is that I do not have access to the server and I need this
application to be a part of a webpage.
Yuri
"Robert Klemme" <email***@***.com> wrote in message news:<email***@***.com>...
> "yvashchenko" <email***@***.com> schrieb im Newsbeitrag
> news:email***@***.com...
> > I havean applet that connects to Oracle osing the thin client. It
> > works when run from IDE. When I try to load it into a web browser I
> > get
> >
> > java.security.AccessControlException: access denied
> > (java.util.PropertyPermission oracle.jserver.version read)
>
> Applets are only allowed to contact the server they originated from unless
> they are signed. It's generally not a good idea to write an applet that
> uses JDBC directly. Rather communicate with the server and have him do
> the DB work. You can make your life easier by using serialized data for
> the communication. That way the parsing is done for you.
>
> robert
|
| |
|
| |
|
Robert Klemme
|
| Posted: 2004-9-30 18:05:00 |
Top |
java-programmer >> Java security
"yvashchenko" <email***@***.com> schrieb im Newsbeitrag
news:email***@***.com...
> Robert
> Danke shoen,
>
> But could you explain the fact that I can run the very same applet
> from IDE (IntelligIdea)? Apparently it means that this is possible
> somehow.
Apparently the IDE does not employ a SecurityManager. There is no server
that the applet was loaded from so it can't possibly check the connection.
Well it could use localhost, but apparently there are no checks.
> The problem is that I do not have access to the server and I need this
> application to be a part of a webpage.
As I said: don't use JDBC in applets. In your case either implement your
own protocol over HTTP or use Java WebStart.
robert
>
>
> Yuri
>
> "Robert Klemme" <email***@***.com> wrote in message
news:<email***@***.com>...
> > "yvashchenko" <email***@***.com> schrieb im Newsbeitrag
> > news:email***@***.com...
> > > I havean applet that connects to Oracle osing the thin client. It
> > > works when run from IDE. When I try to load it into a web browser I
> > > get
> > >
> > > java.security.AccessControlException: access denied
> > > (java.util.PropertyPermission oracle.jserver.version read)
> >
> > Applets are only allowed to contact the server they originated from
unless
> > they are signed. It's generally not a good idea to write an applet
that
> > uses JDBC directly. Rather communicate with the server and have him
do
> > the DB work. You can make your life easier by using serialized data
for
> > the communication. That way the parsing is done for you.
> >
> > robert
|
| |
|
| |
|
james
|
| Posted: 2005-3-28 21:01:00 |
Top |
java-programmer >> Java security
Hi all,
My company is trying to decide make a platform desicion between
C++/Java. I am in favor of Java however I am compelled to answer a
question yet I am unable to find a solution.
The problem is as follows: The application will have a two secret keys
(A 128 bit constants) and a public encryption algorihtm (AES). It will
encrypt some data offline and send via public methods to some other
place at a later time(not our server). Obviously, the security of this
data is extremely important. (A financial application). Application
will only be provided to trusted entities therefore I don't have to go
thru authentication. (ie. verify the sender)
Our concern is one could decompile the Java class files and see what
these constants are and hence break the whole system. I have checked
out various solutions to see how can we avoid this issue and not yet
come up with a 100% secure solution.
Obsfucation doesn't work as it doesn't really hide the constants.
Encyrption of the constants: If we did this, someone can enrypt these
constantants. This solution is nothing more than adding another layer
to the difficulty. (We can pick a private algorithm but decompiling
would expose algorithm)
I also can not change the JVM to add extensions as I would have to
deploy multiple extensions for various platforms.
I appreciate any pointers.
Thanks,
James
|
| |
|
| |
|
Michael Amling
|
| Posted: 2005-3-28 22:25:00 |
Top |
java-programmer >> Java security
James wrote:
> Hi all,
>
> My company is trying to decide make a platform desicion between
> C++/Java. I am in favor of Java however I am compelled to answer a
> question yet I am unable to find a solution.
>
> The problem is as follows: The application will have a two secret keys
> (A 128 bit constants) and a public encryption algorihtm (AES). It will
> encrypt some data offline and send via public methods to some other
> place at a later time(not our server). Obviously, the security of this
> data is extremely important. (A financial application). Application
> will only be provided to trusted entities therefore I don't have to go
> thru authentication. (ie. verify the sender)
>
> Our concern is one could decompile the Java class files and see what
> these constants are and hence break the whole system. I have checked
> out various solutions to see how can we avoid this issue and not yet
> come up with a 100% secure solution.
>
> Obsfucation doesn't work as it doesn't really hide the constants.
>
> Encyrption of the constants: If we did this, someone can enrypt these
> constantants. This solution is nothing more than adding another layer
> to the difficulty. (We can pick a private algorithm but decompiling
> would expose algorithm)
This is a classic problem. How could C++ solve it any better than Java?
Have you considered public key cryptography? A program need not be
capable of hiding a secret to send data confidentially to a recipient
with a known public key. Basically, Alice knows Bob's public key. Alice
encrypts the data with a secret key selected at random at runtime. Alice
sends the random secret key, encrypted with Bob's public key, along with
the ciphertext. Bob can recover the random secret key using the private
key that corresponds to his public key and with the random secret key in
hand, can decrypt the ciphertext.
--Mike Amling
|
| |
|
| |
|
Oscar kind
|
| Posted: 2005-3-28 23:37:00 |
Top |
java-programmer >> Java security
In comp.lang.java.help James <email***@***.com> wrote:
[cut: the need for keeping data of a financial application secret]
> Our concern is one could decompile the Java class files and see what
> these constants are and hence break the whole system. I have checked
> out various solutions to see how can we avoid this issue and not yet
> come up with a 100% secure solution.
>
> Obsfucation doesn't work as it doesn't really hide the constants.
Yes it does, provided you use the right obfuscation. Flow obfuscation
doesn't really help here, as the algorithm is known. String obfuscation
however, mangles the constants (base64 encoded for example). This is
probably even more difficult to decompile than compiled C/C++ code, as
constants are also easily decompilable for those languages.
> Encyrption of the constants: If we did this, someone can enrypt these
> constantants. This solution is nothing more than adding another layer
> to the difficulty. (We can pick a private algorithm but decompiling
> would expose algorithm)
>
> I also can not change the JVM to add extensions as I would have to
> deploy multiple extensions for various platforms.
This provides the clue that obfuscation doesn't work. It also shows why
C/C++ in themselves are not a solution either: reverse engineering is
always possible (you can only make it more difficult).
The suggestion of another poster to use an asymetric algorithm is much
better, as the means of decompiling are not available then.
--
Oscar Kind http://home.hccnet.nl/okind/
Software Developer for contact information, see website
PGP Key fingerprint: 91F3 6C72 F465 5E98 C246 61D9 2C32 8E24 097B B4E2
|
| |
|
| |
|
Michel Gallant
|
| Posted: 2005-3-28 23:42:00 |
Top |
java-programmer >> Java security
"Michael Amling" <email***@***.com> wrote in message news:ntU1e.18737$email***@***.com...
> James wrote:
> > Hi all,
> >
> > My company is trying to decide make a platform desicion between
> > C++/Java. I am in favor of Java however I am compelled to answer a
> > question yet I am unable to find a solution.
> >
> > The problem is as follows: The application will have a two secret keys
> > (A 128 bit constants) and a public encryption algorihtm (AES). It will
> > encrypt some data offline and send via public methods to some other
> > place at a later time(not our server). Obviously, the security of this
> > data is extremely important. (A financial application). Application
> > will only be provided to trusted entities therefore I don't have to go
> > thru authentication. (ie. verify the sender)
> >
> > Our concern is one could decompile the Java class files and see what
> > these constants are and hence break the whole system. I have checked
> > out various solutions to see how can we avoid this issue and not yet
> > come up with a 100% secure solution.
> >
> > Obsfucation doesn't work as it doesn't really hide the constants.
> >
> > Encyrption of the constants: If we did this, someone can enrypt these
> > constantants. This solution is nothing more than adding another layer
> > to the difficulty. (We can pick a private algorithm but decompiling
> > would expose algorithm)
>
> This is a classic problem. How could C++ solve it any better than Java?
>
> Have you considered public key cryptography? A program need not be
> capable of hiding a secret to send data confidentially to a recipient
> with a known public key. Basically, Alice knows Bob's public key. Alice
> encrypts the data with a secret key selected at random at runtime. Alice
> sends the random secret key, encrypted with Bob's public key, along with
> the ciphertext. Bob can recover the random secret key using the private
> key that corresponds to his public key and with the random secret key in
> hand, can decrypt the ciphertext.
>
> --Mike Amling
This concept of generating a random symmetric key for bulk encryption,
and encrypting that secret symmetric key with the public key of recipient(s)
is called "enveloping".
A pkcs standard called EnvelopedData encapsulates the various bits (symmetric
encrypted blob, RSA-encrypted symmetric key and recipient certificate .. etc..).
EnvelopedData structures are further encapsulated into common secure email
S/MIME formats, which makes sending encrypted files (granted with size limitations by email
attachment restrictions) really simple.
Currently Java does not support these encapsulations so you need to use 3rd
party support. e.g. here is Bouncy Castle sample:
http://www.jensign.com/JavaScience/javacrypto
or of course, you can roll your own custom format (which can expose other security
problems!)
- Mitch Gallant
www.jensign.com
|
| |
|
| |
|
Robert Angelino
|
| Posted: 2005-3-29 0:49:00 |
Top |
java-programmer >> Java security
Michael Amling wrote:
> James wrote:
>
>> Hi all,
>>
>> My company is trying to decide make a platform desicion between
>> C++/Java. I am in favor of Java however I am compelled to answer a
>> question yet I am unable to find a solution.
>>
>> The problem is as follows: The application will have a two secret keys
>> (A 128 bit constants) and a public encryption algorihtm (AES). It will
>> encrypt some data offline and send via public methods to some other
>> place at a later time(not our server). Obviously, the security of this
>> data is extremely important. (A financial application). Application
>> will only be provided to trusted entities therefore I don't have to go
>> thru authentication. (ie. verify the sender)
>>
>> Our concern is one could decompile the Java class files and see what
>> these constants are and hence break the whole system. I have checked
>> out various solutions to see how can we avoid this issue and not yet
>> come up with a 100% secure solution.
>>
>> Obsfucation doesn't work as it doesn't really hide the constants.
>> Encyrption of the constants: If we did this, someone can enrypt these
>> constantants. This solution is nothing more than adding another layer
>> to the difficulty. (We can pick a private algorithm but decompiling
>> would expose algorithm)
>
>
> This is a classic problem. How could C++ solve it any better than Java?
This is a classic question software designers face---especially when
secure applications are involved. If anyone who thinks their software,
even an executable, is "secure"--they are fooling themselves. I can
just as easily dissemble a native exe and get assembly as I can
construct the
java source from a jar file. All you're doing is slowing someone down.
However, Java is by far the easiest to reassemble to something that
looks amazing close to the original source. Yes, Java provides
such an easy platform for development, yet nothing comes for free.
Shipping a java exe is way better than shipping a jar file. The
way to protect yourself is through copyrights, embedded algorithms
that make your software detectable in case someone is trying to
duplicate your functionality and is too lazy to change it enough to hide
his efforts, and dare I say it without starting a debate on free
software----patents. This is just the software, placing constants or
encryption keys in source is just not smart. Design your software such
that your keys reside on usb-based keys fabs so that you can change them
often. Keep in mind no matter how you design this aspect of your
application, there will always be a way of breaking it, all you're
doing is slowing someone down.....
<snip>
-robert
|
| |
|
| |
|
Pat Farrell
|
| Posted: 2005-3-29 14:18:00 |
Top |
java-programmer >> Java security
James wrote:
> Our concern is one could decompile the Java class files and see what
> these constants are and hence break the whole system. I have checked
> out various solutions to see how can we avoid this issue and not yet
> come up with a 100% secure solution.
No serious security system can rely upon hiding the secrets.
It is at best, Security By Obscurity.
You have to assume that people will disassemble, decompile, etc.
the code you distribute. It has nothing to do with the language
chosen.
You can not have a 100% secure system without having either a human
enter a key periodically, or using a hardware crypto box. Since the
hardware crypto boxes cost thousands of dollars, it is probably
unrealistic.
You have to weigh security against convience for your users.
As you get more secure, you will have hassled users. Get used to it.
A more important question to ask yourself is "how valuable is the thing
I'm trying to protect". It is is low value, like the MP3 bits of a song,
you know what is the appropriate security to apply.
--
Pat Farrell email***@***.com
PRC Recording http://www.pfarrell.com/prc/
|
| |
|
| |
|
KiLVaiDeN
|
| Posted: 2005-3-29 14:27:00 |
Top |
java-programmer >> Java security
"James" <email***@***.com> a 閏rit dans le message de
news:email***@***.com...
> Hi all,
>
> My company is trying to decide make a platform desicion between
> C++/Java. I am in favor of Java however I am compelled to answer a
> question yet I am unable to find a solution.
>
> The problem is as follows: The application will have a two secret keys
> (A 128 bit constants) and a public encryption algorihtm (AES). It will
> encrypt some data offline and send via public methods to some other
> place at a later time(not our server). Obviously, the security of this
> data is extremely important. (A financial application). Application
> will only be provided to trusted entities therefore I don't have to go
> thru authentication. (ie. verify the sender)
>
> Our concern is one could decompile the Java class files and see what
> these constants are and hence break the whole system. I have checked
> out various solutions to see how can we avoid this issue and not yet
> come up with a 100% secure solution.
>
> Obsfucation doesn't work as it doesn't really hide the constants.
>
> Encyrption of the constants: If we did this, someone can enrypt these
> constantants. This solution is nothing more than adding another layer
> to the difficulty. (We can pick a private algorithm but decompiling
> would expose algorithm)
>
> I also can not change the JVM to add extensions as I would have to
> deploy multiple extensions for various platforms.
>
> I appreciate any pointers.
>
> Thanks,
> James
Never give encrypt keys on an application.
You can make your application gather encrypted data from network, but find
another solution to provide the keys to decrypt it. I'd suggest emails, but
they are not really secure (if you are paranoid about security), so better
give them by phone or letter, or use a SSL http website with the user login,
that'll show him "his" decrypt key, and not everybody's key. I am not sure,
but I think you already planned that, just pointing it, because in my
opinion, it's the biggest flow to give keys in your application (even if
they are encrypted), as then potential "hackers" would have all datas they
need single packaged.
Now that said, concerning the algorithm for decryption, I'd say that no
matter what you do, there is always a way to reverse engineer the class
files ( or the exe files ). However, it has been clear that class files can
be much easily interpreted than native source code, as there is tools that
allow you to check the java code, tools which are very much harder to find
concerning native code ( you'll be able to disassemble code, but assembly is
completely another thing than Java ). This said, I'd suggest that once
again, you make your data go through a SSL connection, and gather all the
data you need with xml or something like that.. Got no real idea how to
implement that the best way, but I think SSL is the real thing you need for
your application, even though i'm unsure wether it's possible to send a file
with SSL encryption.. But the idea is to have algorithms at home, and only
allow trusted users to use the online objects.
K
|
| |
|
| |
|
| |
|
Index ‹ java-programmer |
- Next
- 1
- Anyone seen this problemMaybe I am being stupid, but I am having difficulty getting mouse events
from a custom JComponent. At this point I have put an instance of a subclass
of JComponent in a JScrollPane and placed it in the center of a
BorderLayout. I then added a mouse listener to the subclass of JComponent,
traced through the code to make sure I am acutally adding the listener, but
my mouseClicked(), mousePressed() and mouseReleased() methods on my listener
class are not called. Any one seen this problem before.
- 2
- 3
- 4
- 5
- Question on the flush methodAccording to Sun's web site, the flush method of the OutputStream object
does nothing.
So, what does actually happens when you call it?
At times I may see different behavior when including it within a program
(some times a socket read error) which I would think is strange esspecially
if the method is not supposed to do anything.
Any ideas?
- 6
- Java program helpHello everyone, I need your help.. can you check why did i commit an
error on the n=System.read("enter numer:"); part...? Thanks in
advance...
By the way, the program will run as follows:
the user will input a number, and the program will generate the
fibonacci series based on the number. if example user input is 4,
there should be four series of fibonacci...:)
public class fibonacci
{
public static void main(String args[])
{
int prev1 = 1, prev2 = 1, current = 1;int n;
n = System.read("enter number: ");
for (int i = 3; i <= n; i++)
{
current += prev2;
prev2 = prev1;
prev1 = current;
System.out.println(" " + current);
}
}
}
- 7
- Array of generic List?Hello,
I am new to 1.5 and thus generics. I have read the generic tutorial and
a decent number of websites/newsgroup posts on the subject. But I still
cannot find a satisfactory solution to the following (as of now the
best I've got is an unchecked conversion warning)
The code below does not compile, but I think it shows to a human what I
want to accomplish. I can't seem to find the proper syntax and use of
generics to accomplish this without a warning. Any help and reasoning
why I need to do whatever the solution is would be great. Thanks.
public class MyClass {
private List<Foo>[] myFoos;
public MyClass() {
myFoos = new List<Foo>[5];
}
public void addFoo(int index, Foo foo) {
myFoos[index].add(foo);
}
}
- 8
- thin java cient?Hello, please, I'm searching for a Thin Java Client, for J2EE.
I want to build a thin java swing client.
How to do it?
tks
Programador
----------------------------------
email***@***.com
- 9
- Need help creating a program to create sudukoStill a little rough at this language but i need to create a program
for my class. Was wanting to create a java program that makes sudukos.
It doesn't need a GUI or anything like that just ouput to a txt file
ot to the screen. I would appreciate any help or direction.
- 10
- Novice Form QuestionI am a novice at JSP / HTML and have a Forms releated question. I am
really looking for sample code I can leverage to help understand how
to address non-trivial form layouts.
I undestand the how to build a -simple- form with a few input fields
and process this with JSP - Struts interaction. Unfortunately, I am
weak in HTML / JavaScript and I need to understand and build a more
complicated form.
Basically my form must look something like this:
User Name: _________________ Baggage Type ____________
Add Button | Remove Button Add Button | Remove Button
---------------------------- -------------------------
| Tom | | SomeBagType 1 |
| Dick | | SomeBagType 2 |
| Harry | | SomeBagType 3 |
| Jane | | SomeBagType 4 |
| | | |
---------------------------- -------------------------
Submit Button Cancel Button
Note that there are 6 buttons on the form. The Add / Remove buttons
are intended to allow the user to Add or Remove -User name's- or
-Baggage Type's- before the form is submitted.
I am not sure how to handle this. My guess is that Javascript might
work ( I do Java but not JavaScript :-( ) but I am open to suggestions
and most importantly EXAMPLES of how this might be implemented.
This code will part of a JSP-Struts project.
Thanks.
- 11
- java.nio problemI had a NIO problem.
I tried to open a socket channel, and grep a HTML page from HTTP GET.
I did it success if I open and close socket channel everytime I send a
request and get the response.
However, if I keep open the socket channel and send multiple requests,
I'll get IOException.
Does anybody know how to solve this problem? Thanks in advance!
Note: I don't want to fire requests in parallel but one by one
sample code:
=============================================================
private Charset charset = Charset.forName("ISO-8859-1");
private SocketChannel channel;
try
{
// do connection
InetSocketAddress socketAddress =
new InetSocketAddress( "www.mydomain.com", 80);
channel = SocketChannel.open(socketAddress);
// send request #1
channel.write(charset.encode("GET /page1.html HTTP/1.0\r\n\r\n") );
// read response #1
ByteBuffer buffer = ByteBuffer.allocate(1024);
while ((channel.read(buffer)) != -1)
{
buffer.flip();
System.out.println(charset.decode(buffer));
buffer.clear();
}
// send request #2
channel.write(charset.encode("GET /page2.html HTTP/1.0\r\n\r\n") );
// read response #2
// program threw "java.io.IOException: Read failed" error
while ((channel.read(buffer)) != -1)
{
buffer.flip();
System.out.println(charset.decode(buffer));
buffer.clear();
}
}
catch (IOException e)
{
e.printStackTrace();
}
finally
{
if (channel != null)
{
try
{
channel.close();
} catch (IOException e) {}
}
}
=============================================================
- 12
- XML call XSL that calls xml through document() elementHello,
I am trying to create an XML document on the fly that sends some
parameters to an xsl document which calls the correct xml document that
corresponds to the parameters.
I reference the xsl document:
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="web-primary.xsl"?>
I am just trying to hardcode the request to prove that this is possible
for the time being so the parameters are already in the xsl that will
eventually be variables.
but I am unsure what else to include in the first XML file to make the
call to the web-primary.xsl????? My XSL is complete and the
corresponding XSL files are complete.
The xsl doc has a document element that calls the correct xml file that
contains the data.
My reason for doing all of this is because Firefox will not allow me to
go to a remote xml file from the server so I want the browser to do the
work of getting the remote xml file. If you have a better way of doing
this, please let me know.
thx.
- 13
- Java server performance - jeetyHi All,
I am working on an application where a servlet need to handle min 600
request / sec(which will keep on increasing in future)
So I am not able to decide which application server I should use.
As I go through some benchmarks I came to know that Jetty's performance
is better but
I don't know how much load it can handle.
Is there any who has used Jetty on heavy traffic application?
or is there any another servlet container / HTTP Server which can
handle such a load
Plz suggest me.
Thanks in Advance.
Rajiv Girdhar
- 14
- internet address vs lanI am about to create a RPC program and I need a servlet to talk to a
server. The servlet is running on the internet, the server is running
on a lan computer. I am pretty sure that the lan ip address is behind
our firewall. Can I still communicate with the server through RPC.
Berlin Brown
email***@***.com
this question sounds confusing, doesnt it?
- 15
- Saving canvasHi. I have a problem with saving canvas to file. All over net there
are faqs on how to save a NEW canvas to file (after drawing on it). I
have a canvas, what should i do in order to save what's currently on
it to a file?
|
|
|
