Object persistence strategy for a desktop application

Posted on 2024-07-11 23:16:18 | Words: 171 | Views: 7 | Comments: 0

I am developing a Java-based desktop application. There is some data generated from the application object model that I need to persist (preferably to a file). There is also a requirement to protect the persisted file so that others can't derive the object model details from the data. What's the best strategy for doing this? I was under the impression that these requirements are very common for desktop apps. However, I haven't been able to find much useful info on it. Any suggestions appreciated.

苍暮颜 2024-07-18 23:16:18

Your question has two parts. 1st: How to persist the data? 2nd: How to protect it?

There are a lot of ways to persist data, from simple XML and Java serialization to your own data format. There is no way to prevent reverse engineering of the data with just "plain text". You can only make it harder, but not impossible. To make it quite impossible you need to use strong encryption, and here comes a problem: how to encrypt the data and not reveal the secure token. If you are distributing the secure token with your application, it is just a matter of time to find it and the problem is solved. So entering a secure token during installation is not an option. If the user has to authenticate to use the application it should help, but it is the same problem. The next option is to use a custom protected bijection algorithm to obfuscate the data. And the last option is to do nothing: just keep the data format private, don't publish it, and obfuscate your application to prevent reverse engineering.

The best value comes from simple obfuscation of the data (XOR prime number) with a custom data format and an obfuscated application.

自在安然 2024-07-18 23:16:18

If you don't need to modify this file you can serialize the object graph to a file. The contents are binary and they could only be read using the classes where they were written.

You can also use Java DB (shipped with Java since 1.5, I think) and an ORM tool for that, such as Hibernate.

EDIT

It has been bundled since 1.6: http://developers.sun.com/javadb/

冰雪梦之恋 2024-07-18 23:16:18

XStream works if you want to do simple XML reading and writing to a file. XStream allows you to take any Java object and write it to and read it from your file.

雪化雨蝶 2024-07-18 23:16:18

If you really need the security implied in your statement ("...protect the persisted file so that others can't derive the object model details from the data."), I'd serialize the data in memory (to Java serialized form, XML, or whatever) and then encrypt that byte-stream to a file.
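The serialize-then-encrypt approach from the answer above, as an added example that is not part of the original thread. It assumes the key is derived from a passphrase the user types at startup (so no secret ships with the application, the problem raised in the first answer); the class name `EncryptedStore`, the file layout and the sample data are constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;

public class EncryptedStore { // hypothetical class name
    private static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 210_000;

    // Derive a 256-bit AES key from the user's passphrase and a per-file random salt.
    static SecretKey deriveKey(char[] pass, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, ITERATIONS, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    // Assumed file layout: salt || iv || AES-GCM ciphertext (with 128-bit tag appended).
    static void save(Serializable obj, Path file, char[] pass) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) { oos.writeObject(obj); }
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt); rnd.nextBytes(iv); // fresh salt and IV on every save
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(pass, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(buf.toByteArray());
        try (OutputStream out = Files.newOutputStream(file)) { out.write(salt); out.write(iv); out.write(ct); }
    }

    // doFinal throws AEADBadTagException on a wrong passphrase or a modified file,
    // so tampered bytes never reach ObjectInputStream.
    static Object load(Path file, char[] pass) throws Exception {
        byte[] all = Files.readAllBytes(file);
        byte[] salt = Arrays.copyOfRange(all, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(all, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(pass, salt), new GCMParameterSpec(128, iv));
        byte[] plain = c.doFinal(all, SALT_LEN + IV_LEN, all.length - SALT_LEN - IV_LEN);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("model", ".bin");
        char[] pass = "constructed-sample-passphrase".toCharArray(); // constructed sample value
        ArrayList<String> model = new ArrayList<>(List.of("order-1", "order-2")); // constructed data
        save(model, f, pass);
        System.out.println(load(f, pass));
    }
}
```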

浅紫色的梦幻 2024-07-18 23:16:18

You can try using an embedded database like Berkeley DB Java Edition (http://www.oracle.com/database/berkeley-db/je/index.html). Their direct persistent layer API will most likely suit your needs. The database contents are synced to files on disk. From just looking at the files directly, it's not easy to figure out the object model from the data. I've had good experiences with it, it's lightning fast and works well with desktop applications.
