Java-Gaming.org Hi !
Featured games (83)
games approved by the League of Dukes
Games in Showcase (539)
Games in Android Showcase (132)
games submitted by our members
Games in WIP (603)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Best way to save data securely  (Read 1130 times)
0 Members and 1 Guest are viewing this topic.
Offline tdegroot96

Junior Devvie


Projects: 1



« Posted 2013-09-16 15:37:00 »

Is ObjectOutputStream the best way to save data?
And does anyone have an idea for securely saving resources?

Thanks in advance!
Offline ClickerMonkey

JGO Coder


Medals: 20


Game Engineer


« Reply #1 - Posted 2013-09-16 15:40:54 »

There is no perfectly secure way to save resources.

You have to decide how difficult you want to make it for hackers to modify the saved game data.

The more difficult you want to make it, the more time you will have to spend on it. Either way it's never completely secure. ESPECIALLY because you're working with Java.

ObjectOutputStream will work fine, just be careful and not change the classes you're saving. Ever.

Offline Danny02
« Reply #2 - Posted 2013-09-16 20:38:46 »

A lot of people around here think that they have to hide their game resources. They don't want other people to change the levels, save-games or textures. What is it, that you care what other people do with your game.

Modding games is fun. Replacing textures with better or more interesting ones or changing the max speed of a taxi in GTA are things people enjoy doing. Why do you want to restrict people having fun with your games?

Just serialize your data in the way which is the most easiest way for you. When you want to be nice save your data as json for example.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline ClickerMonkey

JGO Coder


Medals: 20


Game Engineer


« Reply #3 - Posted 2013-09-16 21:15:43 »

I personally store everything that I can in XML. Easy to change it and restart the game... don't even need to recompile anything.

Offline Longor1996
« Reply #4 - Posted 2013-09-22 17:33:04 »

I am using JSON since recently.
Its just so fast and simple to use and code with.
(Using the GSON Library at least)

- Longor1996

Sorry for my bad English! That's because i am from Germany.
Offline opiop65

JGO Kernel


Medals: 161
Projects: 7
Exp: 4 years


JumpButton Studios


« Reply #5 - Posted 2013-09-22 19:08:15 »

Why do you sign your posts with your name? We already know who you are.

Offline Longor1996
« Reply #6 - Posted 2013-09-23 13:34:23 »

Why do you sign your posts with your name? We already know who you are.

Short Off-Topic so everyone knows:
I have a couple of mental defects, and writing my name on my stuff that helps me keeping my thoughts sorted.
I am doing that with everything, including (but not exluding anything) my clothes.

Thats why I am writing my name on my stuff.

End of Off-Topic.

On-Topic:
Another good idea to store data is to use Mojang's NBT data-format (NamedBinaryTags).
And the last one: Try making your own format using DataInput/DataOutput-streams, its easy.

- Longor1996

Sorry for my bad English! That's because i am from Germany.
Offline ralphchapin

Junior Devvie


Medals: 3
Projects: 1



« Reply #7 - Posted 2013-09-24 00:44:31 »

I think ObjectOutputStream is the best way to save data.  (I never found XML all that readable, to be honest.)  But you have to be careful with it.

For starters, when you write out one object, it writes out all the other objects that first object references directly or indirectly--the whole "object graph".  Theoretically, one write will save your whole game.  But if you're not prepared for it things can get crazy. And if you change an object and write it out again to the same stream, OOS will note that it's already written it and just reference the previous write.  So when you read it in, you won't see the changes--the first and second versions will be identical.  (This gets really interesting if you're using OOS over a socket.)

Next, use Externalizable rather Serializable.  This lets you control exactly what gets written and read.  If class A contains class B, whose data is just 3 integers, Externalizable lets you write out the 3 ints rather than the object.  When you read A back in, you can recreate B from the 3 ints.  Generally, you can avoid writing out data that you don't want to save anyway.  (Yeah, you can do this with Serializable via "transient", but with Externalizable you have more control.)  And you could encrypt data you didn't want people looking at: passwords or names or pictures or critical numbers.

Be careful when reading data back in.  If class A has data that derives from several objects it references, you might want to save space in your file by not saving that data but recreating it from the referenced objects.  However, ven when you are done reading in A, the referenced objects may not have their data yet, so you shouldn't try to get values from them.  You need to do this by reading in the whole file, then going back and recalculating the derived data.  (Or just save it normally in the first place.)

A big benefit to Externalizable is you can include a version number at the start of each class's write.  Should you change the class's writeExternal output, increment this number.  readExternal can check it and read the correct format every time, even if it changes twice a day.  And it can handle big changes too: whole new lists and intricate calculations present no problem at all
Offline xsvenson
« Reply #8 - Posted 2013-09-24 08:04:50 »

Edit: I think I answered some other topic, since this topic is not about the save format. Sorry about that.

The question between the different formats is, how much You want to edit (externally from Your application) the data after You have written it into a file.
If it's more like "never" then any binary format will do.
However if You need to modify it, then the question is why and who.
If it's only You, then any text based format will do.
But if it's for modding or for external apps, like map editors, then it would be wiser to pick one of the more standardized formats then roll Your own.
This is to avoid making others learn yet another "language".

“The First Rule of Program Optimization: Don't do it. The Second Rule of Program Optimization (for experts only!): Don't do it yet.” - Michael A. Jackson
Offline Abuse

JGO Knight


Medals: 14


falling into the abyss of reality


« Reply #9 - Posted 2013-09-24 09:34:07 »

Best as to save data:

It's hard to anticipate why or how others are going to want to mod your code & data.
With that in mind I'd always save in a format that favours interoperability.

Personally I favour json over xml; less bulky.
Of course this is all assuming parsing performance isn't critical; if it is, save in a binary format.

Best way to save data securely:

Don't bother.
If your security model relies upon secure data being stored locally then it's already deeply flawed.

Make Elite IV:Dangerous happen! Pledge your backing at KICKSTARTER here! https://dl.dropbox.com/u/54785909/EliteIVsmaller.png
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline tdegroot96

Junior Devvie


Projects: 1



« Reply #10 - Posted 2013-09-26 13:27:59 »

A lot of people around here think that they have to hide their game resources. They don't want other people to change the levels, save-games or textures. What is it, that you care what other people do with your game.

Modding games is fun. Replacing textures with better or more interesting ones or changing the max speed of a taxi in GTA are things people enjoy doing. Why do you want to restrict people having fun with your games?

Just serialize your data in the way which is the most easiest way for you. When you want to be nice save your data as json for example.

This kinda inspired me, I remember having fun changing the maps and modifying properties :p.
About the resources, yeah. I'm not going to secure that anymore.

Thanks for all the input from all of you!
I made a nice way to save my data, like this:
1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  
17  
18  
19  
20  
21  
22  
23  
24  
25  
26  
27  
28  
29  
30  
31  
32  
33  
34  
35  
36  
37  
38  
39  
40  
41  
42  
43  
44  
45  
public void save() {
      String filename = "save";
      try {
         ObjectMapper objectMapper = new ObjectMapper();
         FileOutputStream fos = new FileOutputStream(Score.location + "\\" + filename + ".dat");
         GZIPOutputStream gzos = new GZIPOutputStream(fos);
         ObjectOutputStream out = new ObjectOutputStream(gzos);

         Log.log("Player Save: " + objectMapper.writeValueAsString(player.getSave()));
         out.writeObject(objectMapper.writeValueAsString(player.getSave()));
         out.flush();
         Log.log("Saved Player!");

         out.writeObject(objectMapper.writeValueAsString(level.getSave()));
         out.flush();
         Log.log("Saved Level!");

         out.close();
      } catch (IOException e) {
         System.out.println(e);
      }
   }

   public void load() {
      setupGame();
      String filename = "save";
      try {
         ObjectMapper objectMapper = new ObjectMapper();
         File file = new File(Score.location + "\\" + filename + ".dat");
         if (!file.exists()) {
            Log.log("File does not exist!");
            return;
         }
         FileInputStream fis = new FileInputStream(Score.location + "\\" + filename + ".dat");
         GZIPInputStream gzis = new GZIPInputStream(fis);
         ObjectInputStream in = new ObjectInputStream(gzis);

         player.setSave(objectMapper.readValue((String) in.readObject(), Object[].class));
         uiHandler = new UIHandler(player);

         in.close();
      } catch (Exception e) {
         e.printStackTrace();
      }
   }


I used the ObjectMapper of the Jackson library.
So I kinda used multiple ways of saving data, which makes the save unaccessible with just editors.

Thanks again, for the helpful input!
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

rwatson462 (30 views)
2014-12-15 09:26:44

Mr.CodeIt (23 views)
2014-12-14 19:50:38

BurntPizza (50 views)
2014-12-09 22:41:13

BurntPizza (84 views)
2014-12-08 04:46:31

JscottyBieshaar (45 views)
2014-12-05 12:39:02

SHC (59 views)
2014-12-03 16:27:13

CopyableCougar4 (57 views)
2014-11-29 21:32:03

toopeicgaming1999 (123 views)
2014-11-26 15:22:04

toopeicgaming1999 (114 views)
2014-11-26 15:20:36

toopeicgaming1999 (32 views)
2014-11-26 15:20:08
Resources for WIP games
by kpars
2014-12-18 10:26:14

Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!