
How to proceed

Alex Derek
Ranch Hand

Joined: Apr 10, 2013
Posts: 32

Hello everybody,

I hope to be in the right section.

I'd like to have a suggestion about how to proceed to make an application I have on my mind.

The purpose of the program is to keep ID and password of the site, forum etc. a user has subscribed and,
clicking on a link or button, be redirected to the page with the data already filled (still better, directly logged in).
(I know there are a lot of them around, but I don't like them).
My ultimate goal is to make the program platform and device independent.
Obviously to be device independent I think that the program should run on a server and the interface probably on the web.
I'm thinking that with a servlet, JDBC and an SQL database I could solve the problem.

Questions:
1) Is the planning right? Did I forget some really important (or not) passage?
2) in case I see that is the program of the year, and I decide that it's a good product a lot of people are eager to use, :-)
I should worry about security. Using SSL is enough for the security of a program like this? I have heard that similar
program use encrypted keys etc. I know really little about encryption, on the web there is the need of specific encryption too, or
SSL is enough?
3) However I would like to start doing this program only in java running on client side, is it feasible? I mean, I don't know if Java can
check which browser is installed on the computer, run it, load the login page of the site and
fill the textarea (or whatever) for ID and password (the user has just to press enter...) I'm not asking for precooked code, just a
yes or no, and, if yes, which api I should study?
4) does it make sense to create a program like this one? Or is it just a time-losing activity? Does it make sense to use java? Or this is a task for a different language?

Thank you
Alex


(...)
Myyron Murray Latorilla
Ranch Hand

Joined: Dec 10, 2009
Posts: 65

For #3, I think it is more attainable using JavaScript, not Java.


OCPJP6
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30938
    
158

Alex,
I think you should use Java but as a standalone program and a flat file (local) database. The reason is that storing user passwords on the server is a bad idea. A website shouldn't even have its OWN passwords. They should use a one way hash. For example, on this site, I can't look in the database and tell you what your password is. The site can only tell you if the password you entered is correct.

A Java standalone program and flat file database is platform independent.


Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30938
    
158

For #4, the question is - what feature does your program have that the existing ones do not.
Alex Derek
Ranch Hand

Joined: Apr 10, 2013
Posts: 32

Hello Jeanne, and thank you very much for your reply!

1) Ok, I've not understood really well the explanation on storing password. Could you suggest me some books or web resources where I can study the problem? (I don't want to bother you too much :-) ).

2) I was thinking to start this little program as you suggest, as a standalone program with a local db, mainly to practice with sql and JDBC (I'm going to prepare ocp 7).

3) What I need from a program like this is the possibility to work in every kind of 'ambient' I come across. I mean, I have subscribed more than 80 sites, forum etc.. I work mainly with my computer, but sometimes I work from other computers, I use my phone etc. etc. But, if I need a login and password for a specific site either I remember my credentials or I write down on a paper all login and pwd and use that. Programs with similar functionalities (I'm using LastPass) are local to the computer you are using (LastPass is a plugin for the browser, other programs are stand alone solutions). So I was asking myself if it wasn't possible to have a 'cloud' solution, something that is available everywhere.

Again, thank you for your attention

Alex
Martin Vajsar
Sheriff

Joined: Aug 22, 2010
Posts: 3611
    
  60

Actually, LastPass is a cloud solution, meaning that you can share your passwords among all the computers/browsers for which you've installed the plugin. It is available even for iPad in some form, so I guess it has plugins/clients for many platforms. And even if you can't or don't want to install the plugin somewhere (i.e. on a borrowed laptop), you can access your data via a web interface. Devising something better than LastPass would be quite a challenge, in my opinion.

Having your passwords stored in the cloud has obvious disadvantages which were already mentioned. I would never put my e-banking credentials there, for example. I do have forums and email credentials in LastPass, but I use two factor authentication with gmail.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30938
    
158

Alex Derek wrote: 1) Ok, I've not understood really well the explanation on storing password. Could you suggest me some books or web resources where I can study the problem? (I don't want to bother you too much :-) ).

The first few hits on why sites should not store password in database explain it nicely.

Alex Derek wrote:
2) I was thinking to start this little program as you suggest, as a standalone program with a local db, mainly to practice with sql and JDBC (I'm going to prepare ocp 7).

If the goal is to practice for the OCP 7, using a local database is a good idea. If the goal is to make something easy for others to install, a file based approach might be better.

Alex Derek wrote:
3) What I need from a program like this is the possibility to work in every kind of 'ambient' I come across. I mean, I have subscribed more than 80 sites, forum etc.. I work mainly with my computer, but sometimes I work from other computers, I use my phone etc. etc. But, if I need a login and password for a specific site either I remember my credentials or I write down on a paper all login and pwd and use that. Programs with similar functionalities (I'm using LastPass) are local to the computer you are using (LastPass is a plugin for the browser, other programs are stand alone solutions). So I was asking myself if it wasn't possible to have a 'cloud' solution, something that is available everywhere.

It's certainly possible to have a cloud based approach. You might consider storing the passwords in a way that wouldn't give people access to your passwords if someone were to get the data in the cloud. For example, add characters to them in seemingly random positions or something that your program removes on the client side. (And don't give away your "scheme".) This isn't good security, but it is better than nothing.
Alex Derek
Ranch Hand

Joined: Apr 10, 2013
Posts: 32

Thank you again Jeanne,

I'm going to study well the topic. :-)

When you write "file based approach" you mean something like a simple .txt file where the data are stored? However in this case I should create some kind of encryption just to try to hide the data.

The encryption problem is something that actually intrigues me. (e.g. If on a computer there is a keylogger... ).

However thank you again for the suggestions I'll think about it, and start with the simpler version
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30938
    
158

Alex Derek wrote: When you write "file based approach" you mean something like a simple .txt file where the data are stored? However in this case I should create some kind of encryption just to try to hide the data.

Yes. You have to do that in a database too.
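The goal raised in this thread, that a copy of the stored file or cloud data should not reveal the passwords, can be met by encrypting the file on the client with a key derived from a master password. This is an added example, not code from any poster in the thread; the class name, the file layout (salt, nonce, AES-GCM ciphertext) and the iteration count are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added example: vault blob layout is salt(16) | nonce(12) | AES-GCM ciphertext+tag.
public class VaultDemo {
    private static final int ITERATIONS = 210_000; // assumed work factor

    static SecretKeySpec deriveKey(char[] master, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(master, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Fresh salt and nonce on every save, so the same key/nonce pair is never reused.
    static byte[] seal(char[] master, byte[] plaintext) throws Exception {
        byte[] salt = new byte[16], nonce = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(master, salt), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(28 + ct.length).put(salt).put(nonce).put(ct).array();
    }

    // Throws AEADBadTagException on a wrong master password or a modified file.
    static byte[] open(char[] master, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16);
        byte[] nonce = Arrays.copyOfRange(blob, 16, 28);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(master, salt), new GCMParameterSpec(128, nonce));
        return c.doFinal(blob, 28, blob.length - 28);
    }

    public static void main(String[] args) throws Exception {
        byte[] entries = "forum.example\talex\ts3cret-constructed\n".getBytes(StandardCharsets.UTF_8);
        byte[] blob = seal("master passphrase".toCharArray(), entries); // constructed sample data
        System.out.print(new String(open("master passphrase".toCharArray(), blob), StandardCharsets.UTF_8));
        try {
            open("wrong passphrase".toCharArray(), blob);
        } catch (AEADBadTagException e) {
            System.out.println("wrong master password or tampered file: rejected");
        }
    }
}
```

Only the blob is written to disk or uploaded; the master password and derived key stay on the client. Encryption at rest does not protect against a keylogger on the machine where the master password is typed.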
 