Eclipse Community Forums: Standard Widget Toolkit (SWT)

Home » Eclipse Projects » Standard Widget Toolkit (SWT) » password protection

Tue, 10 January 2006 08:44

Eclipse User

I want to protect my SWT application with a password. I have already
finished the password-entry field and matching of the password with MD5
checksum.

the only problem I have and can't find a solution for is, where I shall
save the entered password. At the moment I write the MD5 checksum into a
flatfile which - obviously - is not a good solution.

does anybody know how/where I could save the set password that nobody
unauthorized can delete ot?

thanks for any help in advance.
dominik

Re: password protection [message #466416 is a reply to message #466414]

Tue, 10 January 2006 09:46

Eclipse User

try database or ldap server
Dominik wrote:

> I want to protect my SWT application with a password. I have already
> finished the password-entry field and matching of the password with MD5
> checksum.
>
> the only problem I have and can't find a solution for is, where I shall
> save the entered password. At the moment I write the MD5 checksum into a
> flatfile which - obviously - is not a good solution.
>
> does anybody know how/where I could save the set password that nobody
> unauthorized can delete ot?
>
> thanks for any help in advance.
> dominik

Re: password protection [message #466422 is a reply to message #466416]

Tue, 10 January 2006 09:02

Eclipse User

thanks for the tip. I already use HSSQL for saving data. but the problem
is if I would save the password into the DB someone simply could open the
database file with a text editor and delete the password entry.
so I guess this does not work either :(

Haris Peco wrote:

> try database or ldap server

Re: password protection [message #466424 is a reply to message #466422]

Tue, 10 January 2006 10:23

Eclipse User

db/ldap can be on another server or in disk/direcotry without public access
Dominik wrote:

> thanks for the tip. I already use HSSQL for saving data. but the problem
> is if I would save the password into the DB someone simply could open the
> database file with a text editor and delete the password entry.
> so I guess this does not work either :(
>
> Haris Peco wrote:
>
>> try database or ldap server

Re: password protection [message #466430 is a reply to message #466424]

Tue, 10 January 2006 10:02

Eclipse User

the application is an offline application and it's not intended to use an
Internet connection. so unfortunately I cannot use your idea. thanks for
help anyways!

Haris Peco wrote:

> db/ldap can be on another server or in disk/direcotry without public access
> Dominik wrote:

>> thanks for the tip. I already use HSSQL for saving data. but the problem
>> is if I would save the password into the DB someone simply could open the
>> database file with a text editor and delete the password entry.
>> so I guess this does not work either :(
>>
>> Haris Peco wrote:
>>
>>> try database or ldap server

Re: password protection [message #466432 is a reply to message #466422]

Tue, 10 January 2006 10:24

Eclipse User

If you store the key encrypted, then it is virtually impossible to
replace with another working key directly in the db file.

Then the user can only delete the key in the db file in which case you
just refuse to start the application, or he can decompile your
application to see the encryption algorithm used and try to generate his
own working key to put in the db. The latter is not something any normal
user would ever be able to do.

Or you can just store the encrypted key in an ordinary file, but it will
of course be unreadable and unreplacable without knowing the encryption
scheme used.

*/Lars

Dominik wrote:
> thanks for the tip. I already use HSSQL for saving data. but the problem
> is if I would save the password into the DB someone simply could open
> the database file with a text editor and delete the password entry.
> so I guess this does not work either :(
>
> Haris Peco wrote:
>
>> try database or ldap server
>
>

Re: password protection [message #466434 is a reply to message #466430]

Tue, 10 January 2006 10:25

Eclipse User

Dominik wrote:
> the application is an offline application and it's not intended to use
> an Internet connection. so unfortunately I cannot use your idea. thanks
> for help anyways!
>

There are embedded database servers (derby comes to mind) that would run
as part of your application (no internet connection or central
repository needed). That way you can take advantage of DBMS features,
including authentication if supported, without having to set up a whole
database infrastructure.

Later,
PW

Re: password protection [message #466436 is a reply to message #466414]

Tue, 10 January 2006 10:26

Eclipse User

If you're on a *nix system, you have very granular control over file permissions and shouldn't have a problem protecting the password file. Unfortunately, such a solution wouldn't work with Windows. The only think I can suggest for a cross-platform, offline solution is to store the password in multiple places. Alternatively, store the password in maybe two places and then put checksums elsewhere. That should give you flexability and relative security since someone would have to delete all instances of the password file.

Re: password protection [message #466487 is a reply to message #466430]

Tue, 10 January 2006 13:48

Eclipse User

you needn't interent connection for this - you need database anywhere
(or ldap server) - it can be on same or another machine in local net or
internet - you need security only and you have if you access to net port
(database or any) - of course, it isn't perfect security and perfect
security doesn't exists
you can use Paul's advice for derby or your hsqldb or any database
Dominik wrote:

> the application is an offline application and it's not intended to use an
> Internet connection. so unfortunately I cannot use your idea. thanks for
> help anyways!
>
> Haris Peco wrote:
>
>> db/ldap can be on another server or in disk/direcotry without public
>> access Dominik wrote:
>
>>> thanks for the tip. I already use HSSQL for saving data. but the problem
>>> is if I would save the password into the DB someone simply could open
>>> the database file with a text editor and delete the password entry.
>>> so I guess this does not work either :(
>>>
>>> Haris Peco wrote:
>>>
>>>> try database or ldap server

Re: password protection [message #466565 is a reply to message #466432]

Wed, 11 January 2006 12:29

Eclipse User

There's an AuthorizationDatabase for tracking user passwords already in Eclipse. It's part of the core platform.

Platform.addAuthorizationInfo()
Platform.getAuthorizationInfo()

You can essentially store any data that you want, and it's encrypted to disk. Of course, given that the password is known in the code, it's not that impossible to reverse engineer it, but much the same could be said about a database.

<a href=" http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#g etAuthorizationInfo(java.net.URL,%20java.lang.String,%20java.lang.String)"> http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#a ddAuthorizationInfo (java.net.URL,%20java.lang.String,%20java.lang.String,%20jav a.util.Map) </a>
<a href=" http://help.eclipse.org/help31/topic/org.eclipse.platform.do c.isv/reference/api/org/eclipse/core/runtime/Platform.html#g etAuthorizationInfo(java.net.URL,%20java.lang.String,%20java.lang.String)</a>
Alex.

Previous Topic:	DropTargetAdapter.dragOver
Next Topic:	Highlight color in table / trees

Goto Forum:

-=] Back to Top [=-

Current Time: Mon Jul 14 19:46:15 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter