Manipulating Arrays in Java

I have a program in which I have read a csv file and stored it in an array. My CSV file is made up of three columns of which two are integers and one is string. I want to create two parallel arrays one to hold string while the other to hold the integers. How do I go about it

How can I create a secure auto-login? (java)

I am writing a server-client program. When a new user installs the program and opens it for the first time, he has to enter a password. The password in combination with an email address is needed to authenticate to the server via SSLSocket.

I know how to save a password securely (store salt and hashed password), but how can I create a secure system, where the client automatically sends the password to the server? I do not want the user to type the same password every time he wants to login.

Is it possible to create a secure system like this? Because if I save the hashed and salted password in a .txt I can just read it and then login to the server? How is it possible to create something like this?

Is RSA usage in combination with Java Socket secure?

I want to create a java program for server client communication. Therefore first the client creates a RSA keypair. Then the client sends the public key to the server. After that the server will create a RSA keypair and also send its public key to the client. Is it safe to say that now (after key exchange) it is safe to send all kind of data between server and client?

Or is it smart to create a SSLSocket? I honestly have no idea how the authentication with the certificats work and I also do not want to have a certificate which needs an update every now and then.

Securely encrypt and decrypt files via PBE in Java (Jasypt seems insecure)

Requirements:

  • I have a Java app, which among other things, needs to encrypt/decrypt binary files on the file system. I’m planning to use PBE (password based encryption) since the password will be entered by the user each time they use the app (it’s not stored anywhere).
  • I don’t know if AWS KMS (key management system) or Google KMS can assist in any way, but it doesn’t matter since remote services are not allowed to be used for this project.

My Questions:

  • Are there any Java libraries that will help me achieve my requirements, aside from directly interacting with the JCE API (java cryptography extension)? I’m not a security expert and don’t want to misuse the JCE.
  • I’m also open to other ideas that don’t use a Java library, however, it must nicely integrate with my primary Java application.

Google Tink:

Tink doesn’t support PBE.

The lead developer of Tink (Thai Duong) has stated as such. Thai does say it is possible to achieve using an internal API (AesGcmJce.java), however, he goes on: “This is not recommended because the subtle layer might change without notice”. I want a stable solution, so Tink doesn’t cut it.

There is an open github issue to add PBE to Tink.


Jasypt:

Jasypt doesn’t seem secure.

If you want to know the details, read on, but it’s not required…

Jasypt is supposed to make PBE tasks easier, and the API is very simple, but the default parameter values it uses seem to be those which haven proven insecure (e.g., MD5 and DES). I can manually configure it to use more secure options but the very fact that its defaults are insecure makes me wonder what other aspects of the library are insecure.

For example, here are its default values when using the API:

  • Encryption algorithm: PBEWithMD5AndDES
  • No IV generator
  • Random salt generator of 64 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using MD5 with 1000 iterations

I can manually change the defaults to obtain the following configuration:

  • Encryption algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
  • Random IV generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • Random salt generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using SHA256 with 1000 iterations

The API is super simple. Here’s how to instantiate the Java object which encrypts and decrypts binary data using the default settings (PBEWithMD5AndDES, etc):

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

In order to make things more secure I installed a lib called Bouncy Castle which adds many cipher algorithms for use by the JVM. Among the many options I chose PBEWITHSHA256AND256BITAES-CBC-BC. Similar to the code above, here’s how I instantiated the more secure configuration:

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); binaryEncryptor.setProvider(new BouncyCastleProvider()); binaryEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC"); binaryEncryptor.setIvGenerator(new RandomIvGenerator()); binaryEncryptor.setSaltGenerator(new RandomSaltGenerator()); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

The library does have its own “stronger” encryptor classes (StrongBinaryEncryptor, AES256BinaryEncryptor, etc) but like I said, I’ve lost confidence in their software (unless you can explain otherwise).


Help:

Please help đŸ™‚
thx

Would my Java web application be vulnerable if I use a netty version that is vulnerable to CVE-2019-20444 and CVE-2019-20445?

These has been fixed in later versions of Netty … but what is the risk of using an older (can’t upgrade now) version that is vulnerable to to CVE-2019-20444 and CVE-2019-20445 … is there really a risk here? Note that the application uses netty for communicating with a 3rd party API. The app is deployed on Tomcat and that is the main entry for user http requests.

Java – Problems with overload constructor containing only a string [closed]

I am having trouble figuring out how to correctly ask the user for 3 inputs representing attributes that will be used to create an object which will be printed on the screen and making sure the inputs aren’t bad values. For example, if the user typed in .5 as a diameter it would change to 1. The overload constructor is supposed to represent the name of a file which will contain the name, diameter, and temperature of the object being created.

When I try to run it, there would errors for missing symbols. How can I get it so that the overload constructor with string as its only parameter to be called into the Object2 class in order to create an object?

public class Object1 {    //attributes    private double yyy;    private int zzz;    private String xxx;    private String fileName;     //symbolic constants    private final double MINDIAMETER = 1;    private final int MINTEMP = 300;    private final String NA = "N/A";     // getter/setter methods for name    public void setName(String n)    {    if (n != "")    xxx = n;     else     xxx = NA;    }     public String getName()    {    return xxx;    }     // getter/setter methods for diameter    public void setDiameter(double d)    {    if (d >= MINDIAMETER)    yyy = d;     else     yyy = MINDIAMETER;    }     public double getDiameter()    {    return yyy;    }     // getter/setter methods for temperature    public void setTemp(int t)    {    if (t >= MINTEMP)    zzz = t;     else     zzz = MINTEMP;    }     public int getTemp()    {    return zzz;    }     public Object1()    {       xxx = NA;       yyy = MINDIAMETER;       zzz = MINTEMP;    }     public Object1(String n, double d, int t)    {       setName(n);       setDiameter(d);       setTemp(t);    }     public Object1(String f)    {         fileName = f; //Initialize the object's fileName with f         System.out.print("Enter the filename: ");      }     public String toString()    {       return "A object, named " + xxx + ", with a diameter of " + yyy + " miles, and a temperature of " + zzz + " Kelvin.";    } } 

Seperate file code

import java.util.Scanner; import java.io.FileWriter; import java.io.File; import java.io.PrintWriter; import java.io.FileReader; import java.io.IOException;  public class Object2 {    public static void main(String[] args) throws IOException    {           // object with overload         Object1 z;         z = new Object1("");          Scanner kb = new Scanner(System.in);           fileName = kb.nextLine();         File file = new File(fileName);         PrintWriter outputFile = new PrintWriter(file);          System.out.println("please enter name: ");         while (kb.hasNext())         {          name = kb.nextLine();         System.out.println("please enter the diameter: ");         diameter = kb.nextDouble();         System.out.println("please enter the temperature: ");         temp = kb.nextInt();          System.out.println(name + " " + diameter + " " + temp);          outputFile.println(name);         outputFile.println(diameter);         outputFile.println(temp);         }           outputFile.close();         System.out.println(z);     } }  

discount Java Tea Extract

Organic Herb Inc. is a joint-stock company established by Changsha Organic Herb Inc. Changsha Organic Herb Inc. was registered in Changsha County,Changsha, Hunan province on 24th December, 2004. It is completed the Joint-Stock System Reorganizationin in July 2015 and updated the company name as Organic Herb Inc. Organic Herb Inc is issued“Business License of Enterprise Legal Person by Changsha Administration for Industry & Commerce on 31th July, 2015 and listed on New OTC Market successfully on 16, October 2015. Organic Herb Inc. ‘s legal representative is Xirong Liu and the business scope of the development, production, marketing for plant extracts; Research and development of biological products, and production of traditional Chinese medicine .
Organic Herb Inc. established a wholly-owned subsidiary of Phyto Nutraceutial Inc.  and Jiangxi Organic Herb Biotechnology co., LTD. which is located in Ychun city, Jiangxi province. Organic Herb Inc. is specialized in Rhodiola Rosea Extract, Bilberry extract, Maca Extract, Tongkat Ali Extract, Resveratrol, Grape Vine Extract, Epimedium Extract, Natural Colors and plant functional components such as the high purity extracts and standardized extracts.
Organic Herb Inc.’s products focus on the combination of technology and market demand to ensure the products have high technical content and the broad applicability, and pay high attention to its environmental protection and high efficiency.discount Java Tea Extract
website:http://www.extract-supplier.com/

Prevent JLink from using a DisabledPreferencesFactory with Java on Linux

This is kind-of a strange question, so please bear with me.

We have a Java application that has a utility for Mathematica 12 that lets you run our app from Mathematica using JLink. This works fine on macOS and Windows. On Linux we get an exception, thrown from the java.util.prefs.Preferences class.

After much nosing around, I noticed the JVM from Mathematica on Linux was setting -Djava.util.prefs.PreferencesFactory=com.wolfram.jlink.DisabledPreferencesFactory, and in the Mathematica SystemFiles I found that DisabledPreferencesFactory class to be returning the null value causing our exception.

That’s when I found this code in InstallJava.m (lines 518 to 527) in the JLink folder (in a createCommandLine function used by InstallJava[]):

(* Disabling the Java prefs subsystem on Unix/Linux is a hack to work around a very annoying problem with    that subsystem. Maybe Sun will fix this in JDK 1.5. Because this is an experimental fix, we'll put in    the $  disablePrefs flag as a backdoor that could be set from top level before launching Java. *) prefsSpec =   If[!osIsWindows[] && !osIsMacOSX[] && $  disablePrefs =!= False,     " -Djava.util.prefs.PreferencesFactory=com.wolfram.jlink.DisabledPreferencesFactory",   (* else *)     ""   ]; 

That made it clear where the issue is coming from, and it looks like we even have a way to disable this, as we’re on Java 1.8 and I don’t think the issue discussed is still a problem, so I’m fine setting that $ disablePrefs flag to false.

So my question is, how do I set that $ disablePrefs flag in a way that the JLink package will see it and not set this Java argument? I tried doing it inside a Mathematica 12 document before loading our package ($ disablePrefs = False;), and then also modified our package to set that flag before calling InstallJava[] from JLink, but neither worked. I’m hoping this is a simple Mathematica thing I just don’t know how to do, as I haven’t used it much. Thanks.

number guessing (java) in google kick start [closed]

Below is the code which is running fine locally but when i submit the code it gives runtime error. import java.util.Scanner;

class solution{ public static void solve(Scanner input, int a, int b ){     int q=(a+b)/2;     System.out.println(q);     String s=input.next();     if(s.equals("correct"))         return ; else if(s.equals("WRONG_ANSWER"))     return ;     else if(s.equals("TOO_SMALL"))         solve(input,q+1,b);     else if(s.equals("TOO_BIG"))         solve(input,a,q-1); }  public static void main(String args[]){     Scanner input=new Scanner(System.in);     int T=input.nextInt();     for(int i=1;i<=T;i++){         int a=input.nextInt();         int b=input.nextInt();         int n=input.nextInt();         solve(input,a+1,b);     }  } 

}

USB token for Java Desktop Application

I would like to integrate the use of a USB token in a JavaFX application that my customers use on a computer I send them. This JavaFX application interacts with a Java/Spring back end. (client-id/secret) I need this secure element for a few reasons, but mainly because I want to avoid the situation where a user would clone the application into an other computer and use two occurrences at the same time.

Is there a way to integrate the secure element without interfering with the current client/server communication ? Basically I would rather not change anything to my Spring back end, and integrate this authentication method separately. I started my research and I am thinking of hosting a WebAuthn server and make my app communicate with it. What do you think about that way of doing ? Thanks a lot for your help !