• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security : How to protect my data

 
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I have developped a application J2ME that connect to my serveur and download a midi file.
I have a serious problem of security with motorola V525:when my midlet J2ME connect to my serveur,the whole URL of my serveur is displayed. The user can use this URL from any computer to download my midi file.

How to hide the URL of my server to any user

Thanks in advance
 
author
Posts: 1436
6
Python TypeScript Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is probably not a good idea to "hide" the URL since Google can always find it. I think a better way is to use a password to protect your content and authenticate the client on the server.

If you have to hide the URL, you can consider using a custom encryption algorithm (just shift the bits e.g., ROT13) and obfuscate the code that is used to decode it.
 
Ould Nadif
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Thank you Michael. It is good idea but not convenience for my aim because your solution increase the size of my .jar (new code source).
I think i have a solution that I have not tried again to manage my httpconnection with (Post) et not Get. With HTTP Post ,the user will not see my parameters. I think that can resolve my probleme.

For example: with HTTP GET www.myhost.com/getfile? size=124&image=hoho.png
the user will see all parameters.
But with HTTP POST the user will see only www.myhost.com

What do you think about

OULD NADIF
 
Michael Yuan
author
Posts: 1436
6
Python TypeScript Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It depends how much "security" you need. The HTTP POST keeps out the most novice users. But anyone who is really interested in finding out can easily hack it (the same applies to obfuscated URLs I mentioned above).
 
Ould Nadif
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Michael,

you are right. Anyway, I have to implement the SSL later. The problem is that protocol is only available on the MIDP2.0. My application is in MIDP1.0/CLDC1.0 to be compatible in the maximum of mobiles.

OULD NADIF
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic