Storing/Reading sensitive data from Java program

I'm working on a program that will need to store data somewhere on the machine persistently, so that when I close the program the data doesn't disappear. The data is something that I can't hash because the program needs to retrieve it's value.

This database needs to be super secure so that only the program itself can access this storage and nothing else.

Now, SQL seems pretty insecure to me, if you have access to the SQL you have access to every single database contained in it, the only way to go would be to encrypt some of the data I insert but that would lead to store another key for that.

This is the structure of what I need to store:

FileName  |         Key         | GroupOwner
----------|---------------------|-----------
foo.txt   | $iv44dsfggsdvav523v | adminGroup
----------|---------------------|-----------
bar.txt   | %iihg9v8326h5798v93 | adminGroup

Basically files are stored on a server and encrypted with a key, if anyone were to break in the server they should not be able to read the key and thus decrypt the file but only the program should be able to do that.

Is there any way I can store data that only my program can read and modify?


There are a few similar questions on SO - this is a good overview (even if it applies to web applications).

In short - you cannot solve this problem, as you have a chicken-and-egg issue. The common solution is to store the secret key on the filesystem, and use your operating system's security to ensure only authorised users can read it.


In the end, a program is nothing but a written down algorithm; or in other words a protocol.

Meaning: no matter what kind of code you put into your program; in the end it is about a sequence of actions. And in that sense: there is always a chance that another, completely different program does the same things.

So in the end, "software only" solutions always expose certain risks.

That is why "high end" solutions always combine multiple "layers"; that offer different means of protection.

In other words: at some point you need to trust . If an "attacker" has access to the system where your software is running on, then all bets are off anyway. Because then he can attack using debuggers; or even by ripping out the drive; and analyse it in a different system.

Meaning: you can't protect yourself against everything. When your program runs on hardware that you control; then well, you are "protected". But if not; then you simply can't store sensitive information on that system!

链接地址: http://www.djcxy.com/p/67702.html

上一篇: 伪造,嘲弄和剔除有什么区别?

下一篇: 从Java程序中存储/读取敏感数据