PDA

View Full Version : [Java] How to block decompiling?



robertforyou
07-20-2015, 01:59 PM
I want to make a java application for user panels from my minecraft server. The single problem is: The stats will be withdrawn from the server database. But i don't want players to decompile my application because they will get the database infos and password... How can i block this or how can i hide the database infos from a java application. Or would be better to make it in C#? I'm not sure because i heard that C# is as easy to decompile as Java.

Chillivanilli
07-20-2015, 02:28 PM
I want to make a java application for user panels from my minecraft server. The single problem is: The stats will be withdrawn from the server database. But i don't want players to decompile my application because they will get the database infos and password... How can i block this or how can i hide the database infos from a java application. Or would be better to make it in C#? I'm not sure because i heard that C# is as easy to decompile as Java.

You can use obfuscators like proguard to obfuscate your code, but people will still see the database etc. What you need to do is setup a php script on a server where you send your requests to. So e.g. you are sending a GET request to myminecraftserver.com/stats.php?user=chillivanilli
The php script will connect to your database and for example give you a response with the stats of the current user. That way people dont see your database settings unless they would hack your server and get the php file.

Implementing the database directly into your java application is a high security issue.

cүвεя_נυηкιε
07-20-2015, 03:35 PM
Well, i saw the thread name and thought i would see if I can offer some wisdom,
but it seems Chillivanilli hit the nail on the head, using a php file/s would have been the way i would have done it.

+1 to every word, great advice :)

robertforyou
07-20-2015, 05:23 PM
You can use obfuscators like proguard to obfuscate your code, but people will still see the database etc. What you need to do is setup a php script on a server where you send your requests to. So e.g. you are sending a GET request to myminecraftserver.com/stats.php?user=chillivanilli
The php script will connect to your database and for example give you a response with the stats of the current user. That way people dont see your database settings unless they would hack your server and get the php file.

Implementing the database directly into your java application is a high security issue.

Ok, will try this, but first i need to document about php, because i used it only one time to create a page, i'm not to good at this.
I looked, it's not too hard PHP, but another problem. Wouldn't the database infos will be seen when someone will check "View page source"? Also i will need to learn how to do http requests for this xD It was easier getting the infos directly from the database, but now if i will do it with a php to prevent database info stolen, i need to do it with http requests. Do you know any good book/tutorial or something to learn http requests?

Edit: I documented a bit on the internet, and the php code is hidden to users, so i can safe connect to the database. Now, my question is. If i have a /stats.php that connects to the database, how would i connect it to the java application, and how would i do a request from java to that php file to get something from the MySQL database?

Edit2: Got it to work by making two jars, one client and one server, they send infos to each other using sockets. And the database infos are stored only on the server.

Chillivanilli
07-23-2015, 10:47 AM
Ok, will try this, but first i need to document about php, because i used it only one time to create a page, i'm not to good at this.
I looked, it's not too hard PHP, but another problem. Wouldn't the database infos will be seen when someone will check "View page source"? Also i will need to learn how to do http requests for this xD It was easier getting the infos directly from the database, but now if i will do it with a php to prevent database info stolen, i need to do it with http requests. Do you know any good book/tutorial or something to learn http requests?

Edit: I documented a bit on the internet, and the php code is hidden to users, so i can safe connect to the database. Now, my question is. If i have a /stats.php that connects to the database, how would i connect it to the java application, and how would i do a request from java to that php file to get something from the MySQL database?

Edit2: Got it to work by making two jars, one client and one server, they send infos to each other using sockets. And the database infos are stored only on the server.

Great you figured it out!
Thread closed