File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Simple way to discourage modification of shipped jars? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Simple way to discourage modification of shipped jars?" Watch "Simple way to discourage modification of shipped jars?" New topic
Author

Simple way to discourage modification of shipped jars?

Peter Chase
Ranch Hand

Joined: Oct 30, 2001
Posts: 1970
In our application, we propose to include some HTML templates in Jar(s). We would like to make it reasonably difficult for users to add, remove or modify templates.
Presumably, Java security can do this, but what would be the simplest solution?
I am experienced in Java, but new to security APIs, so please bear this in mind when replying.
TIA.


Betty Rubble? Well, I would go with Betty... but I'd be thinking of Wilma.
Dan Bizman
Ranch Hand

Joined: Feb 25, 2003
Posts: 387
There is NO way. The problem for you is that jar files are based on the zip format. However, no security was built into it (Zip, such as winzip, does have very simple/useless security of a password, but that's NOT available for jars in Java.). So all they have to do is use winzip on windows or unzip on linux and they've got your HTML files.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
It's not all that difficult, once you know how -- but if you're unfamiliar with PKI it can be a bit daunting at first.
Jar the templates up in their own jar, then sign the jar using the jarsigner tool. This will provide each file with an unforgeable digital signature. You'll need to generate your signature first, but the keytool documentation does a reasonable job explaining that. I think (but am not 100% sure) that a simple self-signed certificate will do.
The most straightforward way to verify the signature is not to store the jar in your CLASSPATH, but to open it explicitly using the JarFile class. You can then use JarEntry.getCertificates() to retrieve the certificate for each HTML file, and verify that they are yours by calling Certificate.verify() with your public key that your hardwire in your application. Since your users do not have your private key, they cannot add or modify templates and provide them with the right certificate.
That leaves the problem of removing templates, which is easy enough to address by including a signed list of templates in the jar.
- Peter
[ June 25, 2003: Message edited by: Peter den Haan ]
Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
That was a nice catch Peter! The only thing is, I'm not sure it totally fits his definition. What will happen is the users will change them and then see they don't work anymore. They'll then bug him and get him to send over a new version, wasting his time. But still, your idea is the only one that'd work. Nice!
Peter Chase
Ranch Hand

Joined: Oct 30, 2001
Posts: 1970
Originally posted by Robert Paris:
... I'm not sure it totally fits his definition. What will happen is the users will change them and then see they don't work anymore. They'll then bug him and get him to send over a new version, wasting his time.

I think that it would fit my requirement. If users, who are not allowed to modify things, go ahead and try to do so, then they deserve whatever they get. Or perhaps that's just a naive developer's view of the world!
I am not sure whether I will use the jarsigner approach, or put the security at a different level in the product. But thanks anyway.
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
A more lightweight approach would be to calculate a simple MD5 hash for each template (possibly as you read the template in), and compare the hash with the known good value stored in a properties file somewhere. If you "encrypt" the hashes by XORing them with a "secret key", no ordinary mortal will be able to mess with the templates.
Of course this is not serious security because anyone determined enough to use a decompiler can simply figure out how the thing works, retrieve the value of the "secret key" and manipulate the templates with abandon. But it sounds like you might be more concerned about discouraging ordinary users than about thwarting determined hackers.
- Peter
[ June 27, 2003: Message edited by: Peter den Haan ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Simple way to discourage modification of shipped jars?
 
Similar Threads
Storing template outside webapp
Writing Secured Web applications.
How is security pattern different ?
help
Problem using custom ClassLoader