Java - store sensitive data
I develop application with Java. I need to store some initial configuration data in some kind of file.
I want my app to be able to read this data, but I don't want user to do so.
Example : application loads IP from encrypted file. User sees like "dsda@#21da@" so he won开发者_如何学Python't bother doing anything :)
How should I do such a thing? Thanx!
Are we talking about standard users or IT-savvy users?
For standard users i'd recommend to store the string base64 encoded. Or Just in an undefined binary format.
Otherwise... encryption with a hardcoded key?
If (as you say) you manage user passwords, you should not store them at all. Clear text, static keys, custom keys, it doesn't matter - someone with access to the data store and your program will always be able to retrieve them. What you do instead is use salt and a good hash function and store/compare only the hash values.
Possibly OT, but since you mentioned it is configuration data; I know I'd be a little peeved to have gibberish shown to me by an application. Either allow the users to see the data, and modify it at their risk ... or do not allow the configuration to be visible at all.
As a rule of thumb, if it is sensitive data ... don't store it in your application.
精彩评论