Security

Hi,

I'm currently writing an app in java that connects to a database.

to prevent people hacking the app and gaining access to the tables by byte patching the sql, i have hidden everything behind packages. however this still leaves the package exposed. so what i have decided to do is allocate the user a key at runtime, which is randomly generated.
all the users will log in into the same account at the same time.

as the users space is only visible to that user and is thrown away when the user disconnects,it should be a safe plae to store a key.  i want to store this key somewhere whilst the user is connected.

i belive i can do it in a package

possibly along the lines of
package user_variable
then have the user variable defined inside a separate package.

i cannot do this inside the main code package as i want it to be serially re-usable for the app.

the main app will reference this outside package variable in it's code.

in theory this will allow the same code to be used for multiple users, without people being able to call the packages externally , unless they have a key.

can anyone see any problems with this approach. Received on Thu Feb 14 2002 - 11:46:43 CET