What is the best way to save user settings in java application?

Java

Java Problem Overview

What is the best way to save user settings in java desktop app securely? For example If I want to save an Ftp account settings what is the best way to do that?

Thanks

Java Solutions

Solution 1 - Java

The Preferences API is a nice way to store user and system preferences. If you want to store passwords, you'll have to encrypt them. Here is a nice article that can get you started.

Encrypted Preferences in Java

Solution 2 - Java

I usually store in user data directory, with sub directories of application name followed by application version.

public static String getUserDataDirectory() {
    return System.getProperty("user.home") + File.separator + ".jstock" + File.separator + getApplicationVersionString() + File.separator;
}

I had been using the following code for 3 years. This method works quite well either in Windows, Linux or Mac.

Please note that, in Windows, never store it in Program Files, as UAC in Windows Vista or newer may give you a lot of trouble.

Remember put a dot in-front of your application name, so that it will become a hidden folder in Linux.

Good thing by using this methology is that, you are not limited your self in storing primitive value only. Instead, you may save the entire object state to the disk by using xstream

For example :

public static boolean toXML(Object object, File file) {
    XStream xStream = new XStream();
    OutputStream outputStream = null;
    Writer writer = null;

    try {
        outputStream = new FileOutputStream(file);
        writer = new OutputStreamWriter(outputStream, Charset.forName("UTF-8"));
        xStream.toXML(object, writer);
    }
    catch (Exception exp) {
        log.error(null, exp);
        return false;
    }
    finally {
        close(writer);
        close(outputStream);
    }

    return true;
}

Solution 3 - Java

Storing a single password securely is quite difficult. Suppose you encrypt the password using some secret key. Then when your applciation starts again it needs that secret key, where does it get that from?

If it asks the user then he might as well just enter the ftp password which you stored in the first place. If it reads the secret key from somewhere then you need to secure the secret key, and we're back where we started.

If you are keeping several passwords then asking the user for a single password to some "vault" may be much friendlier, but you then get into all the hassle of dealing with expired passwords.

There are products available to deal with this wort of stuff, if you have a serious need then you probably need to investigate them.

Categories
Recommended Java Solutions

Previous Solution:

How much data can a List can hold at the maximum?

JavaArraylistSize

Next Solution:

How to change the message in a Python AssertionError?

PythonExceptionAssertionsNose

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionFeras OdehView Question on Stackoverflow
Solution 1 - JavaGiorgos DimtsasView Answer on Stackoverflow
Solution 2 - JavaCheok Yan ChengView Answer on Stackoverflow
Solution 3 - JavadjnaView Answer on Stackoverflow