Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security : How to protect my data

 
Ould Nadif
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have developped a application J2ME that connect to my serveur and download a midi file.
I have a serious problem of security with motorola V525:when my midlet J2ME connect to my serveur,the whole URL of my serveur is displayed. The user can use this URL from any computer to download my midi file.

How to hide the URL of my server to any user

Thanks in advance
 
Michael Yuan
author
Ranch Hand
Posts: 1427
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is probably not a good idea to "hide" the URL since Google can always find it. I think a better way is to use a password to protect your content and authenticate the client on the server.

If you have to hide the URL, you can consider using a custom encryption algorithm (just shift the bits e.g., ROT13) and obfuscate the code that is used to decode it.
 
Ould Nadif
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Thank you Michael. It is good idea but not convenience for my aim because your solution increase the size of my .jar (new code source).
I think i have a solution that I have not tried again to manage my httpconnection with (Post) et not Get. With HTTP Post ,the user will not see my parameters. I think that can resolve my probleme.

For example: with HTTP GET www.myhost.com/getfile? size=124&image=hoho.png
the user will see all parameters.
But with HTTP POST the user will see only www.myhost.com

What do you think about

OULD NADIF
 
Michael Yuan
author
Ranch Hand
Posts: 1427
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It depends how much "security" you need. The HTTP POST keeps out the most novice users. But anyone who is really interested in finding out can easily hack it (the same applies to obfuscated URLs I mentioned above).
 
Ould Nadif
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Michael,

you are right. Anyway, I have to implement the SSL later. The problem is that protocol is only available on the MIDP2.0. My application is in MIDP1.0/CLDC1.0 to be compatible in the maximum of mobiles.

OULD NADIF
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic