How to hide encoded password in Java source code

I have a program that connects to a website and makes changes to its content. The program logs in first so that it has the right to change the content. Now I want to give the program to other people so that they can run it and help me finish the task.

The program can only log into my account and I do not want to transfer the password. I decided to hardcode the password like this:

String username = "username";
String password = "password";
login(username, password);

      

How can I be sure that my password cannot be recovered? If that is not possible, can I make the recovery operation hard? Or what's the best way for my problem?

+3




4 answers


How can I make sure my password cannot be recovered?

If it was impossible to recover, the program would not be able to recover it, and it would be useless.

If it is not possible, can the recovery operation be made hard?

Yes, don't call it a password. Something very simple:



String p = "kjasghfdkgasdfjlkasfljkahgdsfjhgdjsfh".substring(8, 15);

      

Or what's the best way for my problem?

Trust the people who are trying to help you. Give the account as limited access as possible while still making the work possible, and change the password regularly so that they don't have access for a long time while they are working.

+5




If other people have their own accounts on the website, you can avoid giving away your account. Place the username and password in a config file separate from your program - something like this:

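import java.io.FileReader;
import java.util.Properties;

// Load the credentials from a file that is kept separate from the program
Properties login = new Properties();
try (FileReader in = new FileReader("login.properties")) {
    login.load(in);
}
String username = login.getProperty("username");
String password = login.getProperty("password");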

      

and create a file login.properties containing this:



username=your_username_here
password=your_password_here

      

When you give other people a program, only give them the program, not the configuration file. Give them instructions to create a file with their own username and password.

+4
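The separate-file approach from the answer above, as an added example (not code from the answer's author): a loader that refuses to continue when login.properties is missing, lacks either key, or is readable or writable by other local users. The class name LoginConfig and the LOGIN_CONFIG environment variable are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

public class LoginConfig {
    // Permission bits that would let other local users read or change the file.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    /** Loads username/password from the file, failing closed on any problem. */
    static Properties load(Path file) throws IOException {
        if (!Files.isRegularFile(file)) {
            throw new IOException("Create " + file + " with your own username and password");
        }
        // POSIX file systems only: reject a credentials file that is not owner-only.
        if (Files.getFileStore(file).supportsFileAttributeView("posix")) {
            Set<PosixFilePermission> open = EnumSet.copyOf(TOO_OPEN);
            open.retainAll(Files.getPosixFilePermissions(file));
            if (!open.isEmpty()) {
                throw new IOException(file + " allows " + open + "; run: chmod 600 " + file);
            }
        }
        Properties login = new Properties();
        try (Reader in = Files.newBufferedReader(file)) { // UTF-8 by default
            login.load(in);
        }
        for (String key : new String[] {"username", "password"}) {
            String value = login.getProperty(key);
            if (value == null || value.trim().isEmpty()) {
                throw new IOException("Missing '" + key + "' in " + file);
            }
        }
        return login;
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical override: LOGIN_CONFIG lets each user keep the file elsewhere.
        String override = System.getenv("LOGIN_CONFIG");
        Properties login = load(Paths.get(override != null ? override : "login.properties"));
        // Never print the password; only confirm which account will be used.
        System.out.println("Logging in as " + login.getProperty("username"));
    }
}
```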




Obfuscate it by storing the password in an array and linking the array to a complex system of if statements, switch statements, etc. The harder the better. Take a look at https://gist.github.com/jorgeatorres/442094 for an example of someone doing this with Hello World. Also, don't call it "password" ...

+2




You can enter your password in encrypted format and decrypt it inside your program. Having a password in your program at all is not recommended.

I'm guessing this is via FTP? I recommend that you make a registration form and let users fill in their own login. You can make an FTP account for each user or whatever.

No matter how much you try to hide it, it is still there, and it will still be found.

+1

