
Safe ways to save data in Java application


Account is new, but I've been reading on this website for years and I now need some advice. Still pretty new at Java, and I am developing a desktop application that deals with personal information relating to the user but also their social circles. What would be the best option to keep this info safe? I am not considering an external DB (like MySQL, which I am using so far for my beta) as it means potential users would have to install and configure some other software; I am also not considering serialization as I don't really like the idea of an external txt file (please correct me if I am wrong about either of these two points). Is there a way to directly store info in the application? Could someone please give me some perspective on the matter and recommend leads? (And sorry if a previous thread covers my concerns, I did not find it!) Thanks a lot in advance!

Good night, evening, day or morning!


Solution

Modern OS design and security principles strongly dictate that an app should not have write access to itself. There are really hacky ways (complex, hard to write, most libraries don't work well with it, and fragile, in that it'll easily break on some systems) to write into your own jar, but it's a bad design in any case, let alone once you take into account how complex and fragile it is.

You can't reasonably encrypt anything (because the password will have to be inside the app) unless the user has to enter the decryption password as they start your app / open your 'storage file' if it's a multi-document kind of deal, in which case, by all means, do that.

h2 is an all-Java database engine, no need for the user to install anything separate, and it produces a single file with the data. It's that or hand-roll your own serialization to a separate file in the user's home or ~/Documents or whatnot. You'll have to hardcode the right location for each major OS if you don't just want to 'write to .myapp.bin in the home dir of the user', which you can easily do via System.getProperty("user.home").

So, yes, you are wrong on both points:

  • DB/SQL is fine - there is no need to force the user to install a separate library. sqlite can do it (but this does involve DLLs and the like; the sqlite JDBC driver takes care of this), but I'd recommend h2database.com for this purpose.
  • It will be a file. It won't be a txt file. This is good.
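One way to put that advice together in Java, as an added example that is not part of the original answer: the data lives in a single H2 file under `user.home`, the file is opened with H2's built-in AES file encryption using a password the user types at startup (so no key is baked into the jar), and every query goes through a prepared statement. The `.myapp` directory, the `contact` table, the `SecureContactStore` class and the `app` DB user name are assumptions made for this example; it assumes the H2 JDBC driver (`com.h2database:h2`) is on the classpath.

```java
import java.io.Console;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added example, not from the original answer. Assumes the H2 JDBC driver is on the classpath. */
public final class SecureContactStore implements AutoCloseable {
    private final Connection conn;

    /** Opens (or creates) ~/.myapp/contacts.mv.db, encrypted with the password the user typed. */
    public SecureContactStore(char[] password) throws SQLException, IOException {
        String secret = new String(password);
        Arrays.fill(password, '\0'); // don't keep the typed password in memory longer than needed
        if (secret.isEmpty() || secret.indexOf(' ') >= 0) {
            // H2 splits the JDBC password at a space (see below), so the file password must not contain one
            throw new IllegalArgumentException("password must be non-empty and contain no spaces");
        }
        Path dir = Paths.get(System.getProperty("user.home"), ".myapp"); // hypothetical app directory
        Files.createDirectories(dir);
        // CIPHER=AES makes H2 encrypt the database file. The JDBC password is then
        // "<file password> <user password>" separated by one space; both halves come
        // from what the user typed, so nothing secret is hardcoded in the jar.
        String url = "jdbc:h2:file:" + dir.resolve("contacts").toAbsolutePath() + ";CIPHER=AES";
        conn = DriverManager.getConnection(url, "app", secret + " " + secret);
        try (Statement st = conn.createStatement()) {
            st.execute("CREATE TABLE IF NOT EXISTS contact ("
                    + "id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY, "
                    + "name VARCHAR(200) NOT NULL, email VARCHAR(200))");
        }
    }

    /** Inserts a contact; the prepared statement keeps user input out of the SQL text. */
    public void addContact(String name, String email) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO contact(name, email) VALUES (?, ?)")) {
            ps.setString(1, name);
            ps.setString(2, email);
            ps.executeUpdate();
        }
    }

    /** Returns "name <email>" for every contact whose name starts with the given prefix. */
    public List<String> findByNamePrefix(String prefix) throws SQLException {
        List<String> out = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT name, email FROM contact WHERE name LIKE ? ORDER BY name")) {
            ps.setString(1, prefix + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(rs.getString("name") + " <" + rs.getString("email") + ">");
                }
            }
        }
        return out;
    }

    @Override
    public void close() throws SQLException {
        conn.close();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            System.err.println("Run from a terminal so the password can be read without echo.");
            return;
        }
        char[] pw = console.readPassword("Password for contact store: ");
        try (SecureContactStore store = new SecureContactStore(pw)) {
            store.addContact("Alice Example", "alice@example.org"); // constructed sample data
            for (String line : store.findByNamePrefix("Ali")) {
                System.out.println(line);
            }
        }
    }
}
```

A wrong password makes `DriverManager.getConnection` throw rather than open anything, and the on-disk file is unreadable without it; what the encryption does not cover is the data while the application is running, so the usual rules about not logging or caching decrypted records still apply.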