Java Swing窗口应用程序有多安全
[英]how much secure is Java Swing window application
问题描述
I have made a Java application using Swing. 
我已经使用Swing制作了Java应用程序。 I use a total of 12 classes, 10 forms and one main class. 我总共使用12个班级,10个表格和一个主班级。 All are packed in a jar with all the necessary libraries and resources. 所有这些都包装在具有所有必要库和资源的jar中。 The jar is an executable and is working fine with no issues. 该jar是可执行文件,可以正常工作,没有任何问题。
The problem is that it is a database related distributed application. 问题在于它是与数据库相关的分布式应用程序。 I have used many Connection objects to connect with mysql. 我已经使用了许多Connection对象来与mysql连接。 The connection is public. 连接是公共的。 If a hacker or attacker imports my jar to his own project and try to get the clone of that connection will he be able to hack the database? 如果黑客或攻击者将我的jar导入他自己的项目并尝试获取该连接的副本,他将能够对数据库进行黑客攻击吗? If yes, what is the solution and if no, why can't he? 如果是,解决方案是什么,否则,他为什么不能呢?
1 个解决方案
解决方案1
3 2016-01-25 20:20:19
It depends on what exactly is in the jar and how you are connecting to the database. 这取决于jar中的确切内容以及如何连接到数据库。
A jar file that just has class-files in it, can be reverse engineered rather easily. 仅包含类文件的jar文件可以很容易地进行逆向工程。 This would let a hacker see a great deal of what you have coded, especially things like URL and SQL strings. 这样一来,黑客就可以看到您编写的大量代码,尤其是URL和SQL字符串之类的东西。 You can try to be really clever and build up the strings, but you would probably have to be twice as clever as the hacker to be able to hide things from him. 您可以尝试真正地聪明并构建字符串,但是您可能必须比骇客聪明两倍,才能向他隐藏东西。
So, instead of trying to make the jar hack-proof, protect your database. 因此,不要试图使jar不受黑客攻击,而是要保护数据库。 The public connection should not have very many privileges, and the admin account should not be accessible remotely for the most security. 公共连接不应具有很多特权,并且管理员帐户不应从远程访问以获得最大的安全性。 There are likely more things one should do to secure your database, but I am not a DBA. 为了保护数据库的安全,应该做更多的事情,但是我不是DBA。
Good luck. 祝好运。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.