Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Standard Widget Toolkit (SWT) » password protection
password protection [message #466414] Tue, 10 January 2006 13:44 Go to next message
Dominik is currently offline Dominik
Messages: 9
Registered: July 2009
Junior Member
I want to protect my SWT application with a password. I have already
finished the password-entry field and matching of the password with MD5
checksum.

the only problem I have and can't find a solution for is, where I shall
save the entered password. At the moment I write the MD5 checksum into a
flatfile which - obviously - is not a good solution.

does anybody know how/where I could save the set password that nobody
unauthorized can delete ot?

thanks for any help in advance.
dominik
Re: password protection [message #466416 is a reply to message #466414] Tue, 10 January 2006 14:46 Go to previous messageGo to next message
Haris Peco is currently offline Haris Peco
Messages: 1072
Registered: July 2009
Senior Member
try database or ldap server
Dominik wrote:

> I want to protect my SWT application with a password. I have already
> finished the password-entry field and matching of the password with MD5
> checksum.
>
> the only problem I have and can't find a solution for is, where I shall
> save the entered password. At the moment I write the MD5 checksum into a
> flatfile which - obviously - is not a good solution.
>
> does anybody know how/where I could save the set password that nobody
> unauthorized can delete ot?
>
> thanks for any help in advance.
> dominik
Re: password protection [message #466422 is a reply to message #466416] Tue, 10 January 2006 14:02 Go to previous messageGo to next message
Dominik is currently offline Dominik
Messages: 9
Registered: July 2009
Junior Member
thanks for the tip. I already use HSSQL for saving data. but the problem
is if I would save the password into the DB someone simply could open the
database file with a text editor and delete the password entry.
so I guess this does not work either :(

Haris Peco wrote:

> try database or ldap server
Re: password protection [message #466424 is a reply to message #466422] Tue, 10 January 2006 15:23 Go to previous messageGo to next message
Haris Peco is currently offline Haris Peco
Messages: 1072
Registered: July 2009
Senior Member
db/ldap can be on another server or in disk/direcotry without public access
Dominik wrote:

> thanks for the tip. I already use HSSQL for saving data. but the problem
> is if I would save the password into the DB someone simply could open the
> database file with a text editor and delete the password entry.
> so I guess this does not work either :(
>
> Haris Peco wrote:
>
>> try database or ldap server
Re: password protection [message #466430 is a reply to message #466424] Tue, 10 January 2006 15:02 Go to previous messageGo to next message
Dominik is currently offline Dominik
Messages: 9
Registered: July 2009
Junior Member
the application is an offline application and it's not intended to use an
Internet connection. so unfortunately I cannot use your idea. thanks for
help anyways!

Haris Peco wrote:

> db/ldap can be on another server or in disk/direcotry without public access
> Dominik wrote:

>> thanks for the tip. I already use HSSQL for saving data. but the problem
>> is if I would save the password into the DB someone simply could open the
>> database file with a text editor and delete the password entry.
>> so I guess this does not work either :(
>>
>> Haris Peco wrote:
>>
>>> try database or ldap server
Re: password protection [message #466432 is a reply to message #466422] Tue, 10 January 2006 15:24 Go to previous messageGo to next message
Lars is currently offline Lars
Messages: 32
Registered: July 2009
Member
If you store the key encrypted, then it is virtually impossible to
replace with another working key directly in the db file.

Then the user can only delete the key in the db file in which case you
just refuse to start the application, or he can decompile your
application to see the encryption algorithm used and try to generate his
own working key to put in the db. The latter is not something any normal
user would ever be able to do.

Or you can just store the encrypted key in an ordinary file, but it will
of course be unreadable and unreplacable without knowing the encryption
scheme used.

*/Lars

Dominik wrote:
> thanks for the tip. I already use HSSQL for saving data. but the problem
> is if I would save the password into the DB someone simply could open
> the database file with a text editor and delete the password entry.
> so I guess this does not work either :(
>
> Haris Peco wrote:
>
>> try database or ldap server
>
>
Re: password protection [message #466434 is a reply to message #466430] Tue, 10 January 2006 15:25 Go to previous messageGo to next message
Paul Webster is currently offline Paul Webster
Messages: 6859
Registered: July 2009
Location: Ottawa
Senior Member

Dominik wrote:
> the application is an offline application and it's not intended to use
> an Internet connection. so unfortunately I cannot use your idea. thanks
> for help anyways!
>

There are embedded database servers (derby comes to mind) that would run
as part of your application (no internet connection or central
repository needed). That way you can take advantage of DBMS features,
including authentication if supported, without having to set up a whole
database infrastructure.

Later,
PW


Re: password protection [message #466436 is a reply to message #466414] Tue, 10 January 2006 15:26 Go to previous messageGo to next message
Daniel Spiewak is currently offline Daniel Spiewak
Messages: 263
Registered: July 2009
Senior Member
If you're on a *nix system, you have very granular control over file permissions and shouldn't have a problem protecting the password file. Unfortunately, such a solution wouldn't work with Windows. The only think I can suggest for a cross-platform, offline solution is to store the password in multiple places. Alternatively, store the password in maybe two places and then put checksums elsewhere. That should give you flexability and relative security since someone would have to delete all instances of the password file.
Re: password protection [message #466487 is a reply to message #466430] Tue, 10 January 2006 18:48 Go to previous messageGo to next message
Haris Peco is currently offline Haris Peco
Messages: 1072
Registered: July 2009
Senior Member
you needn't interent connection for this - you need database anywhere
(or ldap server) - it can be on same or another machine in local net or
internet - you need security only and you have if you access to net port
(database or any) - of course, it isn't perfect security and perfect
security doesn't exists
you can use Paul's advice for derby or your hsqldb or any database
Dominik wrote:

> the application is an offline application and it's not intended to use an
> Internet connection. so unfortunately I cannot use your idea. thanks for
> help anyways!
>
> Haris Peco wrote:
>
>> db/ldap can be on another server or in disk/direcotry without public
>> access Dominik wrote:
>
>>> thanks for the tip. I already use HSSQL for saving data. but the problem
>>> is if I would save the password into the DB someone simply could open
>>> the database file with a text editor and delete the password entry.
>>> so I guess this does not work either :(
>>>
>>> Haris Peco wrote:
>>>
>>>> try database or ldap server
Re: password protection [message #466565 is a reply to message #466432] Wed, 11 January 2006 17:29 Go to previous message
Alex Blewitt is currently offline Alex Blewitt
Messages: 946
Registered: July 2009
Senior Member
There's an AuthorizationDatabase for tracking user passwords already in Eclipse. It's part of the core platform.

Platform.addAuthorizationInfo()
Platform.getAuthorizationInfo()

You can essentially store any data that you want, and it's encrypted to disk. Of course, given that the password is known in the code, it's not that impossible to reverse engineer it, but much the same could be said about a database.

<a href=" http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#g etAuthorizationInfo(java.net.URL,%20java.lang.String,%20java.lang.String)"> http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#a ddAuthorizationInfo (java.net.URL,%20java.lang.String,%20java.lang.String,%20jav a.util.Map) </a>
<a href=" http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#g etAuthorizationInfo(java.net.URL,%20java.lang.String,%20java.lang.String)</a>
Alex.
Previous Topic:DropTargetAdapter.dragOver
Next Topic:Highlight color in table / trees
Goto Forum:
  


Current Time: Mon Oct 20 11:35:15 GMT 2014

Powered by FUDForum. Page generated in 0.02372 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software