桌面应用程序的对象持久性策略 [英] Object persistence strategy for desktop application
问题描述
我正在开发基于Java的桌面应用程序。我需要保留从应用程序对象模型生成的一些数据(最好是文件)。还需要保护持久文件,以便其他人无法从数据中导出对象模型详细信息。这样做的最佳策略是什么?我的印象是,这些要求在桌面应用程序中很常见。但是,我还没有找到很多有用的信息。任何建议表示赞赏。
I am developing a Java based desktop application. There are some data generated from the application object model that I need to persist (preferably to a file). There is also a requirement to protect the persisted file so that others can't derive the object model details from the data. What's the best strategy for doing these? I was in the impression that these requirements are very common for desktop apps. However, I haven't been able to found much useful info on it. Any suggestion appreciated.
推荐答案
您的问题分为两部分。第一:如何持久化数据?第二:如何保护它们?
Your question has two parts. 1st: How to persist data? 2nd: How to protect them?
有很多方法可以保存数据。从简单的XML,java序列化到自己的数据格式。仅通过纯文本就无法防止逆转工程数据。您可以使其更加困难,但并非没有可能。要使其变得完全不可能,您需要使用强加密,这会带来问题。如何加密数据且不泄露安全令牌。如果您在应用程序中分发安全令牌,找到它只是时间问题,问题就解决了。因此,在安装过程中输入安全令牌是不可行的。如果用户必须通过身份验证才能使用应用程序,则应该有所帮助,但这是相同的问题。下一个选项是使用自定义保护双射算法来混淆数据。最后一种选择是不做任何事情,只是保持数据格式的私密性,不要发布它们并混淆应用程序以防止进行逆向工程。
There is a lot of ways how to persist data. From simple XML, java serialization to own data format. There is no way how to prevent revers engineering data just by "plain text". You can just make it harder, but not impossible. To make it quite impossible you need to use strong encryption and here comes a problem. How to encrypt data and don't reveal secure token. If you are distributing secure token with your application it is just a matter of time to find it and problem is solved. So entering a secure token during installation is not an option. If user has to authenticate to use application it should help, but it is the same problem. The next option is to use custom protected bijection algorithm to obfuscate data. And the last option is to do nothing just keep the data format private and don't publish them and obfuscate your application to prevent from reverse engineering.
具有最佳价值的是使用自定义数据格式和模糊的应用程序对数据(异或素数)进行简单的模糊处理。
At the best value comes simple obfuscation of data (XOR primenumber) with custom data format and obfuscated application.
这篇关于桌面应用程序的对象持久性策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
