Object persistence strategy for desktop application

大兔子大兔子 提交于 2019-12-23 18:32:49

问题


I am developing a Java based desktop application. There are some data generated from the application object model that I need to persist (preferably to a file). There is also a requirement to protect the persisted file so that others can't derive the object model details from the data. What's the best strategy for doing these? I was in the impression that these requirements are very common for desktop apps. However, I haven't been able to found much useful info on it. Any suggestion appreciated.


回答1:


Your question has two parts. 1st: How to persist data? 2nd: How to protect them?

There is a lot of ways how to persist data. From simple XML, java serialization to own data format. There is no way how to prevent revers engineering data just by "plain text". You can just make it harder, but not impossible. To make it quite impossible you need to use strong encryption and here comes a problem. How to encrypt data and don't reveal secure token. If you are distributing secure token with your application it is just a matter of time to find it and problem is solved. So entering a secure token during installation is not an option. If user has to authenticate to use application it should help, but it is the same problem. The next option is to use custom protected bijection algorithm to obfuscate data. And the last option is to do nothing just keep the data format private and don't publish them and obfuscate your application to prevent from reverse engineering.

At the best value comes simple obfuscation of data (XOR primenumber) with custom data format and obfuscated application.




回答2:


If you don't need to modify this file you can serialize the object graph to a file. The contents are binary and they could only be read using the classes where they were written.

You can also use Java DB ( shipped with java since 1.5 I think ) and an ORM tool for that such as Hibernate.

EDIT

It is bundled since 1.6 http://developers.sun.com/javadb/




回答3:


XStream works if you want to do simple xml reading and writing to a file. Xstream allows you to take any java object and write it to and read it from you file.




回答4:


I think "serialization" is the word:

http://java.sun.com/developer/technicalArticles/Programming/serialization/




回答5:


If you really need the security implied in your statement ("...protect the persisted file so that others can't derive the object model details from the data."), I'd serialize the data in memory (to Java serialized form, XML, or whatever) and then encrypt that byte-stream to a file.




回答6:


You can try using an embedded database like Berkeley DB Java Edition (http://www.oracle.com/database/berkeley-db/je/index.html). Their direct persistent layer API will most likely suit your needs. The database contents are synced to files on disk. From just looking at the files directly, it's not easy to figure out the object model from the data. I've had good experiences with it, it's lightning fast and works well with desktop applications.



来源:https://stackoverflow.com/questions/393948/object-persistence-strategy-for-desktop-application

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!