1. DLP Flash Christmas Competition + Writing Marathon 2024!

    Competition topic: Magical New Year!

    Marathon goal? Crank out words!

    Check the marathon thread or competition thread for details.

    Dismiss Notice
  2. Hi there, Guest

    Only registered users can really experience what DLP has to offer. Many forums are only accessible if you have an account. Why don't you register?
    Dismiss Notice
  3. Introducing for your Perusing Pleasure

    New Thread Thursday
    +
    Shit Post Sunday

    READ ME
    Dismiss Notice

Java Code help!

Discussion in 'Tech Support' started by Breed, Feb 26, 2011.

  1. Breed

    Breed Third Year

    Joined:
    Jun 2, 2008
    Messages:
    88
    Location:
    Newcastle, UK
    Hello, oh knowledgeable ones. In need of a bit Java help.

    I'm currently putting the finishing touches to my Final Year Project for University, but I'm having trouble with one aspect.

    When my program initialises, it requests the user to enter a password before they can then use the rest of the system.

    In it's most basic form, the method simply matches the users input to a String and checks they're equal.

    E.g.
    String password = "password"
    if(password.equals(userInput))
    startProgram
    else
    requestPasswordAgain();

    I have this working fine.

    However, in my program I want to be able to give the user the option of changing the password, but I don't know of a way of making this change permanent. I can do:

    password = newPassword;

    But when the program is restarted, the password String will obviously go back to its default of "password".

    Short of writing the password to an external file and encrypting it, I don't know how to make this work.

    Any ideas? Thanks in advance.
     
  2. Castiel

    Castiel Headmaster

    Joined:
    Dec 7, 2010
    Messages:
    1,020
    Location:
    India
    My knowledge of Java is a large empty void but assuming that in java you can work with external files (which most probably you can) just save the password in a file and if the user wishes to change it save the new password in that file. Of course, this leads to the problem of the user opening the file and getting the password.

    To overcome that you need to use any encryption mechanism, like in PHP one uses md5 to encode and then save the password. Basically

    Code:
    
    password = getencryptedpasswordfromfile
    password2 = encrypt(password from user)
    if (password == password2) { 
    start program
    }
    
    
    for changing password

    Code:
    newpassword = encrypt(passwordgivenbyuser)
    put the value of newpassword into the file.
    
     
  3. silverlasso

    silverlasso Minister of Magic DLP Supporter

    Joined:
    Dec 7, 2007
    Messages:
    1,302
    Location:
    San Francisco
    1) How are you saving the password if not in an external file?

    2) Don't encrypt, use a salted hash (btw Deoxys, there is a difference). And while you can use MD5 as your hashing function, there are better alternatives.
     
  4. Breed

    Breed Third Year

    Joined:
    Jun 2, 2008
    Messages:
    88
    Location:
    Newcastle, UK
    The password is simply a String variable in the program. It is set to 'password' as default. When the user inputs the password, the program checks to see if the two Strings are equal. I was planning on just having the program change the variable when the user changes the password, but of course, when the program is re-run, the String goes back to its default password. I've been trying to find a solution without using an external file, but I don't think there is one.

    I'll check it out, thanks.
     
  5. Johnny Farrar

    Johnny Farrar High Inquisitor

    Joined:
    Mar 14, 2009
    Messages:
    521
    Location:
    In front of a Computer.
    What you can do instead of writing the password to an external file is that you can link up your program to a back-end database and store the contents of the string reference variable in there. That will suitably take care of the security factor.
     
  6. enembee

    enembee The Nicromancer DLP Supporter

    Joined:
    Feb 22, 2008
    Messages:
    301
    Location:
    Murias
    High Score:
    2,451
    Seems stupid to use a database for such a simple program. There is no way to do what you want to do. Variables cannot be stored in a Java executable alone you have to use an external text file.
     
  7. Castiel

    Castiel Headmaster

    Joined:
    Dec 7, 2010
    Messages:
    1,020
    Location:
    India
    My point exactly. Using a database is a lot of hassle when you can put a few values in a config.txt file. (any other settings that user might want to change like resolution and stuff)

    And yes I know the difference between salt and md5. I was just putting out an idea. :)

    Hijacking the topic, I have a little bit knowledge of C++ and none at all for Java. I currently want to learn either Java or C#.

    Which is a better choice?
     
  8. Pringles

    Pringles First Year

    Joined:
    Dec 1, 2009
    Messages:
    23
    Location:
    In my head
    Depending on how secure you require your password to be, you could always just write it to a regular file, but add 1 random bit before your password (Google BitOutputStream). This will cause any application that opens your data and tries read it to display a nice selection of obscure ASCII characters instead of your password. So long as you don't call the file 'password' it shouldn't be too obvious whats going on to the casual user.

    Beats having to use Javas ass backwards (imo) security classes at any rate.
     
  9. silverlasso

    silverlasso Minister of Magic DLP Supporter

    Joined:
    Dec 7, 2007
    Messages:
    1,302
    Location:
    San Francisco
    :facepalm ...I don't know how to respond to this.

    Edit: Okay, I'll elaborate. I meant that there is a difference between encryption (e.g. RSA) and hashing (e.g. MD5 or SHA-1/SHA-2). In this context, the latter refers to one-way hashing, which is what you'd want to use for password checks. Salts are just random strings of data you concatenate with passwords before hashing.
     
    Last edited: Feb 27, 2011
  10. Heleor

    Heleor EsperJones DLP Supporter

    Joined:
    Mar 3, 2006
    Messages:
    1,442
    Location:
    Seattle, WA
    Security through obscurity is not security.
     
  11. Pringles

    Pringles First Year

    Joined:
    Dec 1, 2009
    Messages:
    23
    Location:
    In my head
    Haha, while i appreciate your point I think for a non commercial final year project with presumably made up test data if any, it might just about suffice.

    Ps. Security through only obscurity is not security.
     
Loading...