How to store client settings?

[AMarcedone]

I need the client to store stuff like the server's certificate filename, server ip address and port. I need some sort of configuration file I think.

Is there any standard format for that? A quick google search suggested http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html It seems to do exactly what I need. Do you have better suggestion?

Also, I imagine other parts of the application will have to store settings. Do you suggest make separate Property Classes (and thus separate configuration files) or should we try to coordinate and put all the settings within one file? @yt336 @jnshi @saguziel

[jnshi]

Properties makes sense, but I have a personal distaste for it, because it fails to obey the "Prefer composition over inheritance" rule and as a result it's not type-safe and calling certain methods on it with certain subtypes will break the object.

My personal preference would have to be the stuff in javax.json, but this is (1) more complicated and (2) requires installing Java EE 7.

On Fri, Mar 6, 2015 at 10:57 PM, AMarcedone notifications@github.com wrote:

I need the client to store stuff like the server's certificate filename, server ip address and port. I need some sort of configuration file I think.

Is there any standard format for that? A quick google search suggested http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html It seems to do exactly what I need. Do you have better suggestion?

Also, I imagine other parts of the application will have to store settings. Do you suggest make separate Property Classes (and thus separate configuration files) or should we try to coordinate and put all the settings within one file? @yt336 https://github.com/yt336 @jnshi https://github.com/jnshi @saguziel https://github.com/saguziel

— Reply to this email directly or view it on GitHub https://github.com/saguziel/Kryptose/issues/4.

[AMarcedone]

Ok, let's keep it simple. How about separate property files versus one main file?

[jnshi]

Let's just have one. I don't think we'll be needing that many.

On Sat, Mar 7, 2015 at 11:55 AM, AMarcedone notifications@github.com wrote:

Ok, let's keep it simple. How about separate property files versus one main file?

— Reply to this email directly or view it on GitHub https://github.com/saguziel/Kryptose/issues/4#issuecomment-77697934.

[AMarcedone]

I created the property file for the server. Code needs to be copied for the client (when we have one).

Do we wanna assume that if a config file exists then it constains all the required properties, or should I check each individual entry? It is not in our threat model for an adversary to change properties.

@jnshi you can go on with splitting the repository.

[jnshi]

Ideally, the file should undergo some amount of validation, so that errors in configuration are detected and easily fixed.

Good point though, that we should validate all communication that's coming in through the sockets. http://www.ibm.com/developerworks/library/l-sp2/

[AMarcedone]

Configuration files are now implemented both in client and server. If the file is not found, a new one is created and populated with default values. I ensure that if any particular setting is required and not present in the config file, that setting is given a default value.

I do not validate each individual setting, as it is not in our threat model that an adversary can change that. Also, we could imagine to delete the whole configuration file on some critical error, so that it is overwritten with default file at the next program start.

If this sounds ok, close the issue

[jnshi]

I added a comment in the implementation, to the effect of "it makes no sense to automatically set defaults without notifying the user/admin. this makes it more confusing because it turns 'the program didn't work and gave me an error message' to 'the program appears to work but it isn't doing anything the way i configured it to and now i don't know why nobody can connect to the server.' "