wood burning stoves*
The moose likes Java Micro Edition and the fly likes Security : How to protect my data Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Mobile » Java Micro Edition
Bookmark "Security : How to protect my data" Watch "Security : How to protect my data" New topic
Author

Security : How to protect my data

Ould Nadif
Ranch Hand

Joined: Jan 21, 2004
Posts: 184
Hi all,

I have developped a application J2ME that connect to my serveur and download a midi file.
I have a serious problem of security with motorola V525:when my midlet J2ME connect to my serveur,the whole URL of my serveur is displayed. The user can use this URL from any computer to download my midi file.

How to hide the URL of my server to any user

Thanks in advance


We are ones that build the world, thus build it well.
Michael Yuan
author
Ranch Hand

Joined: Mar 07, 2002
Posts: 1427
It is probably not a good idea to "hide" the URL since Google can always find it. I think a better way is to use a password to protect your content and authenticate the client on the server.

If you have to hide the URL, you can consider using a custom encryption algorithm (just shift the bits e.g., ROT13) and obfuscate the code that is used to decode it.


Seam Framework: http://www.amazon.com/exec/obidos/ASIN/0137129394/mobileenterpr-20/
Ringful: http://www.ringful.com/
Ould Nadif
Ranch Hand

Joined: Jan 21, 2004
Posts: 184
Hi

Thank you Michael. It is good idea but not convenience for my aim because your solution increase the size of my .jar (new code source).
I think i have a solution that I have not tried again to manage my httpconnection with (Post) et not Get. With HTTP Post ,the user will not see my parameters. I think that can resolve my probleme.

For example: with HTTP GET www.myhost.com/getfile? size=124&image=hoho.png
the user will see all parameters.
But with HTTP POST the user will see only www.myhost.com

What do you think about

OULD NADIF
Michael Yuan
author
Ranch Hand

Joined: Mar 07, 2002
Posts: 1427
It depends how much "security" you need. The HTTP POST keeps out the most novice users. But anyone who is really interested in finding out can easily hack it (the same applies to obfuscated URLs I mentioned above).
Ould Nadif
Ranch Hand

Joined: Jan 21, 2004
Posts: 184
Thank you Michael,

you are right. Anyway, I have to implement the SSL later. The problem is that protocol is only available on the MIDP2.0. My application is in MIDP1.0/CLDC1.0 to be compatible in the maximum of mobiles.

OULD NADIF
 
 
subject: Security : How to protect my data
 
Similar Threads
How to download a midi file using jsp
JavaFX and sound
Help me : Nokia 3650 NullpointerException
Payment and J2ME Help me it is emergent
WAP/Player