I wanted to write android applications in Java. Applications should work like this : people will be register and login in app. After login user can choose user with they want to co-operate, after that server will give this users the same set of data and each of users can chose some data and sent to server. After that server should chose part of the common data that users chosen before and sent this part again to every user.
I don't know how to implement this. I was thinking about socket or websocket but, i have not idea how it should be look.
Could you give me some advice ?
you would need an server. Parse Server or Firebase would meet your requirement, i prefer parse as its open source. You can rent it from amazon web services or host it free at back4app or host on your own. You can send queries , receive and set how your server collects it and works with it your you can do it manually.
Related
I have have a BIG problem in the past few days. I'm developing an application for a customer and I have an external database in the web. In the program there are a login and some modules. At the time I store the data for access to the DB hardcoded in the Java code. Of course this is not a way to store those data.
Then I was searching so much to find out a way to connect to the database.
Store the password in a properties (.xml) file on the PC
Encrypt the password
etc.
But all of this is not really secure. Then I found something good. "Three-Tier Application Server" sounds really good and a possible way that I don't have to save the data on the PC. But I read everytime how a Three-Tier server works, but nowhere how to develop something like this in java. And is there a possibility that a hacker write an application that connects to this server too and get all of the data, because he decompile the application and get the access data?
Thanks for help
There are indeed many ways you can go about this.
The best way is to have the authentication checks spread throughout your code to where it would be very hard to remove them.
Have the authentication with SHA256/512 and or MD5 and have the user send a login request to the server.
Only authenticate the user if the server responds that it is registered.
Do not store any information other than the users info on the client end.
All the checks should be made and validated on the server side.
You also most definitely want to obfuscate your client sided code as well.
i am developing a chat application for local environment where our office employees can chat easily so here I am getting some conflicts when I am trying to send message over the IP but there IP being change dynamically so how can i resolve it .
First of all, I recommend using a well established solution like a local Jabber Server installation and using a client that supports the required features.
If you really want to pull this off on your own, you'll need at least a central controlling point (Server) to abstract Users from their Endpoint.
Configured user would then have to login to that server to signal they are ready to receive messages. Doing this, you have the momentarily correct IP that you can then use to relay messages or to give to other clients wanting to send to that user. Also consider that users may want to use more than one client (they have 2 PCs?). You probably wouldn't want to bind one user to one client device.
Also note that you will have to create a decent protocol for all this. This can be quite tedious if you want similar features to for example Skype Chat or ICQ, or some derivate of XMPP / Jabber.
This leads me again back to my first suggestion: Better use something that already exists. Installing and configuration of that can already be effort enough. Coding all that by yourself, though will take way more effort.
And I didn't even go into status/statusmessages, groupchats, sending/sharing Files, sending messages while User is away/offline ...
I've made a simple mailing app that takes in email credentials and uses it to send emails of certain kinds to selected addresses. Problem is, I've had to input the credentials right into the code, so anyone who uses dex2jar can get the source code and get the email used for forwarding and easily make the app obsolete.
I imagine I'm not the only one facing this issue, so what are some ways to make my code secure?
No matter how good of a technique you use to hide the credentials, if it's in the code then it can always be found.
Instead of hard coding them in, you could perhaps let the user specify them when he starts the app? If that can't be avoided you could instead have a remote service that will do the sending and forward your request to that.
You can not both connect to an e-mail account and keep those same users out of said e-mail account. Consider using a hosted server as part of the project to securely connect to the e-mail account from the server level and process these e-mails remotely.
I'm developing a game in Java and I need need store and get data from mysql database.
Currently I have login credentials saved in my Java app source codes and I'm using some library for the communication. But I think that this is a really unsecured way cause of credentials saved in the Java file.
I was wondering what if I do it through some server side PHP scripts which would just get some information and do what is necessary. But again somebody can get that link and do some evil.
I also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it. But I see one problem, what if I'll need get some information from another user?
So I was wondering what is the best way to keep it simple and secured?
Define a set of services (RESTful will be good) in server side (through PHP or Java or another programming language) that communicates with the datasource (MySQL or another). Then, from your client, consume these services. Now, you can assure the client and server points for communication like authentication and authorization to consume the services, you can use OAuth for this.
also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it
This is a no go. Since it's a game, you will have to maintain a single database per user. It's highly costly and you will have more problems than just retrieving the data from another user.
I have a school project in which I have to implement a chat application, whose server will be a java web service.
The problem is that I've always thought of a web service as a way of calling remote functions, and I have no idea how to keep a "session" active on the web service, nor how to keep track of all the people currently in chat, rooms etc.
To the best of my knowledge, a chat server is supposed to know its clients after an initial connection, and send every client message to all clients. This definitely calls for some sort of session maintenance. I think the right way to do this is as follows:
Client calls web service 'handshake' and provides some minimal identification details.
Server returns an acknowledgment that includes a unique client identifier.
Client calls web service 'message' and sends a new message, together with its identifier.
Server identifies client by the identifier, distributes message to all clients.
I'm not really sure how the message distribution should work, as web services are essentially a pull-service and not push. Perhaps the client should expose its own web service for the server to call.
Hope this helps,
Yuval =8-)
You could consider implementing a COMET solution. This will effectively give you push communication, thus eliminating latency, a VERY nice feature for a chat application.
If you want to go for the gold, consider implementing more advanced features:
spell check
URLs/email addresses converted to links automatically
separate chat rooms
moderator functions (terminate chat, kick user)
event info like "User is typing..."
statuses (available, busy, away...)
avatars
...
I don't know Java so this answer will be language agnostic.
In my opinion the simplest way to do this without running a process on the server would be to store all your data in a database.
Here is a short list of the basic things that will need to be done:
Need a table with a list of users and passwords for authentication
Need a table for the currently logged in uses
A. needs a time stamp field of the last contact
When a users does something update the last contact field to the current time
If the user' last contact time is > current time + 2 minutes then they are logged out
client side application will need to send periodic messages to the server to say "Im still here"
You'll need to find a way to determine when a message has been sent and when to update the client's display that a message has been received, this I will leave to you.
If you still need some help here is an AJAX/ASP.Net chat app that should (I didn't look at its source) work much the same way.
I wrote a chat engine which had a service in the background and everything stored in a database, an input form frame and an output frame which received the html stream.
If you want to skip the service part and only implement via a web service, you need to implement at least two operations: Post for inputs, and GetLatestChanges to receive the chat's output, which translates into HTML using some Javascript magic.
Of course you need to keep track of rooms, users, messages, which user receives which texts etc, as sketched by Unknwntech.