How to hide a hard-coded password in Java source code [duplicate]

Tags:

java

passwords

I have a program that connects to a web site and makes changes to its content. The program logs in first to have the right to change the content. Now I want to pass the program to other people so they can run it to help me finish the task.

The program can only log in under my account and I don't want to give out the password. I decided to hard-code the password like this:

String username = "username";
String password = "password";
login(username, password);

How can I make sure that it will be impossible to recover the password? If that is impossible, what can I do to make recovering it hard? Or is there a better way to solve my problem?

Hunsu asked Aug 09 '14 09:08



4 Answers

> How to make sure that it will be impossible to recover the password?

If it was impossible to recover, the program couldn't recover it either and it would be useless.

> If it's impossible what to do to make the operation of recovering hard?

Yes, don't call it password. Something very simple is,

String p = "kjasghfdkgasdfjlkasfljkahgdsfjhgdjsfh".substring(8, 15);

> Or what the better way for my problem?

Trust the people trying to help you. Give the account as limited access as possible to do the work, and change the password regularly so that while they could work it out, they won't have access for long.

Peter Lawrey answered Nov 09 '22 22:11


If the other people have their own accounts on the website, then you can avoid giving away your own account. Put the username and password in a configuration file separate from your program - approximately like this:

import java.io.FileReader;
import java.io.IOException;
import java.util.Properties;

// Properties.load throws IOException if the file is missing or unreadable,
// so the enclosing method must declare or handle it.
Properties login = new Properties();
try (FileReader in = new FileReader("login.properties")) {
    login.load(in);
}
String username = login.getProperty("username");
String password = login.getProperty("password");

and create a file login.properties containing this:

username=your_username_here
password=your_password_here

When you give other people the program, give them just the program, and not the configuration file. Give them instructions to create the file with their own username and password.

user253751 answered Nov 10 '22 00:11
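The configuration-file approach in the answer above, extended with the checks a practitioner would want before trusting the file. This is an added example, not code from the original post: it reads the file path from an environment variable named `CREDENTIALS_FILE` (an assumed name, defaulting to `login.properties` in the working directory), refuses to start when the file is missing or either key is empty, and on POSIX filesystems refuses a file that other local users can read, which is the most common way a "private" credentials file leaks on a shared machine.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Properties;
import java.util.Set;

// Added example: load credentials from a file that ships separately from the
// program, with sanity checks. The environment variable name and the default
// file name are assumptions for this example.
public class CredentialLoader {

    public static final class Credentials {
        public final String username;
        public final char[] password;   // char[] so it can be wiped after use

        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password;
        }
    }

    public static Credentials load(Path file) throws IOException {
        if (!Files.isRegularFile(file)) {
            throw new IOException("credentials file not found: " + file
                    + " (create it with a username= line and a password= line)");
        }

        // On POSIX filesystems refuse a file readable by group or others.
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.GROUP_READ)
                    || perms.contains(PosixFilePermission.OTHERS_READ)) {
                throw new IOException(file + " is readable by other users; fix with: chmod 600 " + file);
            }
        } catch (UnsupportedOperationException e) {
            // Non-POSIX filesystem (e.g. Windows): no equivalent check is done here.
        }

        Properties p = new Properties();
        try (Reader in = Files.newBufferedReader(file)) {
            p.load(in);
        }
        String user = p.getProperty("username");
        String pass = p.getProperty("password");
        if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
            throw new IOException("username and password must both be set in " + file);
        }
        return new Credentials(user, pass.toCharArray());
    }

    public static void main(String[] args) throws IOException {
        String location = System.getenv("CREDENTIALS_FILE");   // assumed variable name
        Path file = Paths.get(location != null ? location : "login.properties");
        Credentials c = load(file);
        System.out.println("loaded credentials for user " + c.username);
        // login(c.username, new String(c.password));  // the program's own login call
        Arrays.fill(c.password, '\0');                   // wipe once no longer needed
    }
}
```

Keep `login.properties` out of version control and out of the distributed jar; the point of the answer is that each person supplies their own file, so the program should fail loudly when it is absent rather than fall back to a built-in value.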


Obfuscate it by storing the password in an array and having the array connected to a complex system of if statements, switch statements, etc. The more complex the better. Have a look at https://gist.github.com/jorgeatorres/442094 for an example of someone doing this with Hello World. Also, don't call it 'password'...

BenjaminJB answered Nov 09 '22 22:11


You can put your password in an encrypted format and decrypt it inside your program; HOWEVER, having a password in your program at all is NOT recommended.

I am assuming this happens via FTP? I recommend you make a login form and let users fill in their own login. You could make an FTP account for each user, or whatever.

No matter how much you try to hide it, it's still there and it will still be found.

Limnic answered Nov 09 '22 23:11
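The point made in the last answer, and the reason the `substring` trick in the first answer only changes which literal is on display, can be shown concretely. The program below is an added example, not code from any of the posters: it parses the constant pool of its own compiled `.class` file (the class file format that `javac` emits, which is also what `javap -v` and `strings` read) and prints every `CONSTANT_String` entry. Because it contains the obfuscated literal from the first answer, that literal shows up in the output along with the other strings in the file. The literal itself is a placeholder, not a real credential.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

// Added example: list the string literals in a class file's constant pool.
// Run with: javac ConstantPoolDump.java && java ConstantPoolDump
public class ConstantPoolDump {

    // The obfuscation from the first answer. The full literal is still stored
    // verbatim in the constant pool; only the substring call happens at runtime.
    private static final String NOT_A_PASSWORD =
            "kjasghfdkgasdfjlkasfljkahgdsfjhgdjsfh".substring(8, 15);

    // Walk the constant pool (JVM spec §4.4) and return the resolved
    // CONSTANT_String entries, i.e. every "..." literal in the source.
    public static List<String> stringLiterals(InputStream classFile) throws IOException {
        DataInputStream in = new DataInputStream(classFile);
        if (in.readInt() != 0xCAFEBABE) {
            throw new IOException("not a class file");
        }
        in.readUnsignedShort();                 // minor_version
        in.readUnsignedShort();                 // major_version
        int count = in.readUnsignedShort();     // constant_pool_count
        String[] utf8 = new String[count];      // index -> CONSTANT_Utf8 text
        List<Integer> stringRefs = new ArrayList<>();

        for (int i = 1; i < count; i++) {
            int tag = in.readUnsignedByte();
            switch (tag) {
                case 1:                          // CONSTANT_Utf8: u2 length + modified UTF-8
                    utf8[i] = in.readUTF();      // readUTF decodes exactly that encoding
                    break;
                case 3: case 4:                  // Integer, Float: u4
                    in.readInt();
                    break;
                case 5: case 6:                  // Long, Double: u8, and they occupy two slots
                    in.readLong();
                    i++;
                    break;
                case 7: case 8: case 16: case 19: case 20: {  // Class, String, MethodType, Module, Package: u2
                    int idx = in.readUnsignedShort();
                    if (tag == 8) {
                        stringRefs.add(idx);
                    }
                    break;
                }
                case 9: case 10: case 11: case 12: case 17: case 18:  // two u2 indices
                    in.readInt();
                    break;
                case 15:                         // MethodHandle: u1 kind + u2 index
                    in.readUnsignedByte();
                    in.readUnsignedShort();
                    break;
                default:
                    throw new IOException("unknown constant pool tag " + tag);
            }
        }

        List<String> literals = new ArrayList<>();
        for (int idx : stringRefs) {
            literals.add(utf8[idx]);
        }
        return literals;
    }

    public static void main(String[] args) throws IOException {
        // Read our own bytecode from the classpath rather than a path on disk.
        try (InputStream self = ConstantPoolDump.class.getResourceAsStream("ConstantPoolDump.class")) {
            for (String s : stringLiterals(self)) {
                System.out.println("literal: " + s);
            }
        }
    }
}
```

The output includes the full 37-character literal from `NOT_A_PASSWORD`, which is all an attacker needs since the `substring(8, 15)` call is visible in the bytecode of the static initializer. The same listing is available with no custom code at all via `javap -v ConstantPoolDump.class`, and a jar is just a zip of such files, so anyone who can run the program can do this.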