Question on Preferences class
Hi my application requires that I generate an xml file from the preferences class, then when users open my application it will read this xml file. However the problem is if people open this file they can change these preferences, which would usually require an administrator password. Does anyone know a way of stopping users from doing this?
I have already changed the extension to something other than xml and made the file read only. These measured can of course be easily countered by anyone with a rudimentary amount of computing knowledge.
many thanks
[576 byte] By [
boom_zapa] at [2007-10-3 4:22:15]
> Hi my application requires that I generate an xml
> file from the preferences class, then when users open
> my application it will read this xml file. However
> the problem is if people open this file they can
> change these preferences,
Which is one of the benefits of XML.
> which would usually require
> an administrator password. Does anyone know a way of
> stopping users from doing this?
Don't create XML. They can still edit the registry (on Windows), but usually they won't bother to. Or you can add some custom implemenation with encryption. But what's the problem with the users editing their preferences anyway? I like to be able to do so.
Write down a hash of the relevant values into another field in the xml. That makes it harder to change the values.Kaj
kajbja at 2007-7-14 22:24:31 >
I believe if you use the java.util.prefs.Prefferences class and store your settings in the SystemRoot part of the preferences then, on Windows, it will store the stuff in the CURRENT_MACHINE part of the registry, which may require Admin priviledges.OK, it's not XML.
thanks I will try the hash,
My app requires an xml file because it will be deployed to a shared folder, and an administrator will determine settings such as host name, database name, database password.
If anyone knows a better way to share information from a shared folder I would love to hear from you.
much thanks
> My app requires an xml file because it will be
> deployed to a shared folder, and an administrator
> will determine settings such as host name, database
> name, database password.
Ouch. How about setting up a server process for all to use that relays to the DB and thus shielding the DB server from any other outside access? Much more secure.
Do you know of any documentation that I can read up about this?
>
> If anyone knows a better way to share information
> from a shared folder I would love to hear from you.
>
java.util.prefs.Preferences will sort this out for you and is probably slightly better when it comes to not making people a gift of the database passwords.
It's probably worth doing at least a basic encryption on the credentials, even if it's something minimal like xor-ing them with a random byte array in the program and storing the results as a byte array.
You can write a little micky mouse Java program to install the preferences.
I have done a password encryption.
Are you saying not to worry that other users are able to edit fields such as db name and db password.
By the way I have set it up in such a way that if someone does edit the xml file the system will still be able to recognize who is an administrator and will then generate these preferences again so no data will be lost. However I hate the fact that users can edit these fields, I would much rather setup a server process like cecinestpasunprogrammeur suggested but I have no idea how to start doing this. Can anyone help me?
much thanks
