JSP :: Hide Sensitive System Properties Like Passwords Set By Java Applications?
Oct 28, 2014
I am maintaining an existing Java product (which has a HUGE code-base). I discovered that it is setting (and getting) two of its internal passwords as Java system properties, at no less than 4-5 different places (methods). Now, the problem is, the passwords are being stored as plain text in the Java system properties, and so, the same is visible to external entities, as the application is not using any Java Security Manager. For example, if the application (process) is running on port number 1234, we can run the Java command:
jinfo -sysprops 1234
to view both the passwords as values of the corresponding Java system properties. I wish to ask if there is any remedy to this without changing the existing code-base too much? The desired effect would be to "hide" the two Java system properties (denoting the two passwords) from all external entities.
It may be noted that introducing a Java Security Manager into the application may not be a solution, as if we revoke read permissions from the said two Java system properties using the Java Security Manager, the application codes which read those properties would crash. Same is applicable for storing the passwords in encrypted form, as that would crash all codes within the application which are expecting to read the passwords in clear text form.
To give a bit more context, the said two passwords we are storing as Java system properties are actually passwords to access two key-stores, and Tomcat requires that we store the said two passwords in plain-text format. Any workarounds, such that only Tomcat will be able to see the two passwords as-is, while they will be invisible to all other external entities?
Or, is there any way to place the said passwords in other in-memory locations (like static variables) which only Tomcat can (be made to) read instead of placing them as system properties which is exposed to anyone?
I've made a login system with a username and a password. The password is visible and I wanna hide it, how do I do that? Here is my code (have used swing);
I am quite new to java and trying to print all the system properties with the following
code:System.out.println(System.getProperties());
This prints all the properties as expected but I am wanting to put each property on a new line and am struggling a bit. Obviously I will need some sort of for loop etc but im just not sure how to do it. Is it something along the lines of:
for (int i = 0; i < System.getProperties().size(); i++){
What my understanding of what the above is doing is checking how many properties there are an looping round for each property that exists, so all I need to do is get the property 1 at a time however I am not sure where to get the property value to input into the System.getProperty(); method.
If my file name is MyBigXMLFile.xml it won't delete but if I rename it to mybigxmlfile.xml it will delete. How do you get around the case sensitive issue?
I'm new to java and haven't develop any application before that... I need to develop an application through which i can send data from 1 computer to another computer. These communication in between the computers are those are under one router connection. Means they can connect even without internet access
Main concept is as follow
1. Java application on computer A [server side application] 2. Java application on Computer B [Client side application] 3. Java application on computer C [Client side application]
Now computer B and C communicate with computer A. but they don't know about presence of each other
I have an application written in Java on the Linux platform. My application will work the following way:
User A will open application. User B will open application.User A will need to send User B a message but without a socket connection.User B will need to send User A a message but without a socket connection.The user should be able to identify the messages sent to each other.If User A reads user B's message the message will no longer be available in the channel of communication.If one user exits their application their message should be removed.User C should not be able to read user A and user B message (This is only via the application design, no real security here).Applications should be able to work on different machines however they will utilize a shared network mount to access files modified by each other.
I do have to note that the messages being sent is rather small and only 1 message is sent from each user, so in that regard I did not want to setup a client/server model to do this using sockets.
Basically I am looking for a similar concept as a message queue but more relevant to my requirements done in Java. What are some good options to use that will address some of my requirements? I have not touched Java in a long time and only have used it for certain usage so I am trying to get an idea of which current technologies are best for what I need.
I just installed java on my computer because i was getting messages that it was no longer there. And I figured out how to solve my problems on my browsers. but i don't see how to enable java in my applications on the hard drive. in particular, i want to use the database in open office but don't see how to enable it.
I have a problem with several java applications. When I start them Java wants to connect to the certificate authority, to check if the certificate is still valid and not on a blacklist.
The problem is: my whole internet is behind a password protected proxy. If I open my browser i get a windows with username and password. I enter it and internet in the browser works. But for Java it isn't working, because I see no point, where I can enter the password and username for the proxy. I can enter the proxy ip and port in the java settings, but not the password and username. So I get a error screen from java, telling me, that java could not connect. I can disable the check in the java settings, but I don't wont that.
Is there a way to tell java, that java uses my proxy with my password and username? I already googled this problem and found nothing except tutorials for connecting with proxy in the java code. But these applications are not from me, I can't change the code ...
Write a program reads in a series of passwords into an array. Store 10 passwords. After creating the password array, have the reader enter a password and see if it is in the array. Fi it is there, print "Valid password" and if it is not there, print "Invalid password."
This is what i have so far
Java Code: public class passwordMatch { public static void main (String [] args){ String [] myArray = new String[10]; myArray[0] = "jasmine22"; myArray[1] = "jackson77";
[Code] .....
It doesn't compile. It gives me error saying .class expected next to String.myArray[]
File destHtmlFolder = new File("C:/bea/user_projects/domains/OICDomain/DOC_SERVER/REPORT_HTML_DUMP"); File srcExcelFolder = new File("C:/bea/user_projects/domains/OICDomain/applications/IIMS/IIMS/target/source/REPORT_EXCEL_DUMP");
I'm making a stock system for the heck of it,so everything was going great until I hit the loop I am trying to use a for loop to add stock to the stock system,any way the question is maily about loops.How come I cannot declare a variable outside a loop and assign a value to it,for example I can declare as follows and I will not get an error,
but in my code(and yes its the only error I get I tested it) I get an error and can only declare and assign a value inside the loop,the reason for this is because I wanted to get the value from another class and use it in the loop ok so heres the code from both classes.
public class mainn{
public static void main(String [] args){ stock first = new stock(); int internal; internal = first.wanted;
I just want to calculate search time for my algorithm . How to get system time in java other than System.nanotime() and System.currenttimemillis() as these methods does not returns consistent time for same input is their another option to get system time???
I have been working on making a Java application for the Game RuneScape. My goal is to make an Application to where you register on the application and it saves the information in a file. I am also looking to make it so you can transfer money from Runescape to your Account on my Application by submitting a ticket. When you submit a ticket you get assisted by one of the moderators, they trade you in the game and take the money, and then they take that money out of their current account. Admins are allowed to give moderators money via their account or another method. My issue is creating the ticket system. I want to be able to do this all via the application. So basically what i have currently for the application is a chat room, with different rooms available to go into by the users. So I need to make the tickets show up only to Moderators and Admins in the general chat room.
I search this source code in google about library system then i run this in my JCreator then that error appear . I think that problem is all about "main". where can i put that main ?
I need to kill or remove windows system process like cmd.exe from java code. Like removing it from end process in task mgr. I tried below code but its not removed. Is there a better way we can do this.
killing a system process from java code will create any issues?
public static void main(String[] args) throws Exception { String[] cmd = { "cmd.exe" }; Process p = Runtime.getRuntime().exec(cmd); p.destroy(); }
We have this website that is run on two web applications. The first web application hosts the home page and clicking certain links in the home page would forward it to pages of the second web application where certain functionalities can be done. Now, there has been an initiative to redesign the site to have a login page and only logged in users could browse it. This would mean a login page being created in the first app, and when links to the second application are clicked, the pages are supposed to forward to it with the same session of the user that logged in.
We have already creating handling to pass the session from the first app to the second. Logging out from the first application would also invalidate the same user session in the second application. My questions is, is this a bad idea? would it be better to combine the two apps even if it would mean a huge impact?
or is there are better way to do this? like set it in web.xml. I have read that you cannot use two context for it.
I'm deployed application A and application B in TOMCAT server applications, the U1 user enters into the application A, he authenticates and generates a call to a page of the app B. As I was able to access the session of user U1 en A from B, it could have a single session.
The question states: Design a class named LinearEquation
for a 2 x 2 system of linear equations:
ax + by = e
cx + dy = f
Where
x =
ed − bf/ad − bc
y =
af − ec/ad − bc
The class contains:
- Private data fields a, b, c, d, e, and f. - A constructor with the arguments for a, b, c, d, e, and f. - Six get methods for a, b, c, d, e, and f. - A method named isSolvable() that returns true if ad−bc is not 0. - Methods getX() and getY() that return the solution for the equation.
Write a test program that prompts the user to enter a, b, c, d, e, and f and displays the result. If ad − bc is 0, report that "The equation has no solution."
I believe that my program is correct because I am able to compile it and get no errors, however I have no clue how to display the information for x and y or display this equation has no solution if ad-bc=0.
Java Code:
import java.util.Scanner; public class Exer911 { public static void main(String[] args){ // Create a scanner system to hold the numbers for each variable Scanner input = new Scanner(System.in); // Prompt the user to enter a number for each of the variables
I am doing a project "online election system" client-server base application.
I have a party registration class in my program. and I have a party registration form in which I want to upload a image(Poll Symbol) for newly register party. but I don't know how to do this.?
I would like users in an application to be able to access and edit their user profiles (Application A). The problem is that the user objects (entities, dao, beans) are handled in a separate application (Application B) which is specifically for managing user accounts. Importing the java sources for App B into App A could be messy and might need configuration of the persistence unit and connection. I'm thinking it would be better to inject an EJB from App B to App A to query the user DB and return the results so a user profile form is rendered in App A.
I know how to inject EJBs within the same application, but I'm not so sure about how it's done across different applications or even if that's the most advisable way to achieve what I want. it's better practice to inject an external EJB into App A or simply import the classes from App B and use those.
@Stateless public class UsersDaoImpl implements UsersDAO { @PersistenceContext private EntityManager em;
I am in search of a library that has been created in JAVA that can be utilized to solve for roots of a nonlinear system of equations. Each equation has 2 variables, x and y, and will need a library that uses higher calculus equations. No ones that just solve for x.
Most of the libraries that have been created to solve nonlinear equations are either in Fortran, C, or Python. There are a few libraries such minpack/scipy. The only libraries that I have been able to find or programming solutions that are in JAVA either require additional programs such as Matlab or are commercial products
I did find one library put together by a professor in Colorado State, but am unsure how to use it. There does not seem to be a way to enter your functions in the code.
Newton Raphson Method - Multivariable(x and y) Page Not Found
How to use this library or find a library that can be used in an android application would be amazing.
I've been asked to create an app for nutritionists to check what their clients are eating.
I've found a database of all foods with nutritional values. In the past I've dealt with databases which just have are just one dimensional, so it's been easy to just create a string array for it. But this is absolutely huge, it's got about 10,000 rows and 30 or so columns, so that's not going to work any more.
The app needs to ask what the client ate at which times, and then save this along with the nutritional values.
What would be the best way to go about storing and calling a database of this size in java?
Should I learn SQL and JDBC to tackle it or is there any easier way?