So I have made an applet to upload files to a server which uses FTp details.How can I stop them from getting the JAR file , extracting the files and decompiling the classes to get the FTP details.
When I sign the pplet, the process asks for a passwors, will the extraction process ask for this password?
Thanks
Hi,
From what I've seen the JAR file can be extracted easily with WinRar (or WinZip if you rename to .zip extension!). The signing just verifies that the contents of the jar haven't been changed by someone since it was created.
Heh it looks like we're working on the same problem...!
What I'm doing with my applet (based on the ZUpload applet from Sourceforge) is have it to read in the ftp connection params from an encrypted file.In my case the users are "semi trusted" so I am just trying to prevent someone casually lifting the ftp login and bypassing the applet. Obviously in theory someone could still decompile my classes and get the secret key then decrypt the params, but in my case this is unlikely to be a problem.
I'd love to hear if you find a better way!