Re: [SLE] Java hardware/ software key protection
Aldrik KLEBER wrote:
Le Vendredi 22 Avril 2005 11:01, Laurent Renard a écrit :
Aldrik KLEBER wrote:
Le Vendredi 22 Avril 2005 09:40, Laurent Renard a écrit :
Hello everybody,
i'm looking for something to protect java applications. Hardware ( usb key ) or software ???
DO you know the best way to do it ?
Thank you.
What do you mean by protection ? protection from copying or executing the application by a wrong person ?
What i mean is code obfuscation, code encryption, ... Protection from copying, editing, ...
Thank you ;)
When you use jar files, in the code you create an object who manage the zip deflatting, perhaps like in linux with the loopback, there is a possibility to encrypt the stream so you you can separate the classes you want to protect in separate jar, and after managing the stream you can have a good result, and why not reading the key to decrypt the stream in an usb key or cdrom, but the problem is to guarantee the multi os aspect, so you should search the management of hotplug device too in java platform in order to respect the multi platform aspect.
Dear Aldrik, the problem is that it's for an enterprise level application - platform independant - database independant. Therefore we need something strong ... uncrackable ... and maybe as an eclipse plugin ? Thanx for all -- Laurent Renard
Le Vendredi 22 Avril 2005 11:18, Laurent Renard a écrit :
Dear Aldrik,
the problem is that it's for an enterprise level application - platform independant - database independant. Therefore we need something strong ... uncrackable ... and maybe as an eclipse plugin ?
Thanx for all
Okay, so the protection must be not on the software but on computers and servers and network, this is a whole security politics you need to create. it will not depend of your application. Even if you have a very secure application, someone can listen on the lan the database transactions for example. The access to the application must be protected by the platform
Aldrik KLEBER wrote:
Le Vendredi 22 Avril 2005 11:18, Laurent Renard a écrit :
Dear Aldrik,
the problem is that it's for an enterprise level application - platform independant - database independant. Therefore we need something strong ... uncrackable ... and maybe as an eclipse plugin ?
Thanx for all
Okay,
so the protection must be not on the software but on computers and servers and network, this is a whole security politics you need to create. it will not depend of your application.
Even if you have a very secure application, someone can listen on the lan the database transactions for example.
The access to the application must be protected by the platform
Exactly. There's no problem about the data flow ... nothing is human readable ;) -- Laurent Renard
On Fri, 2005-04-22 at 11:48, Aldrik KLEBER wrote:
Le Vendredi 22 Avril 2005 11:18, Laurent Renard a écrit :
Dear Aldrik,
the problem is that it's for an enterprise level application - platform independant - database independant. Therefore we need something strong ... uncrackable ... and maybe as an eclipse plugin ?
Thanx for all
Okay,
so the protection must be not on the software but on computers and servers and network, this is a whole security politics you need to create. it will not depend of your application.
Even if you have a very secure application, someone can listen on the lan the database transactions for example.
The access to the application must be protected by the platform
Hi all, Listening to lan (sniffers) won't reveal anything if data is encrypted, so for network-wide applications (intra/inter-net) i would recommend the use of ssh / ssl. User authentication with Smart-cards or kerberos is platform independant. Kerberos is widely supported, but i'm not sure of the support of smart-cards (java-cards) under linux... Security has its price Hans
participants (3)
-
Aldrik KLEBER
-
Hans Witvliet
-
Laurent Renard