I was wondering if there was any way other placing the information that is genereated by the program between runs of the program?

我想知道是否还有其他方法可以在程序运行之间放置程序生成的信息？

Simply use an ObjectOutputStreamto serialize it into a file and an ObjectInputStreamto get it back.

只需使用 anObjectOutputStream将其序列化为文件并使用 anObjectInputStream将其取回。

Also is there any way to do it so as to keep the information secure? from the end user being able to access it?

还有什么办法可以保证信息的安全？从最终用户能够访问它？

If the code runs on the end user's system then no, there is no way to prevent them from getting the data - it's not even worth your time trying to encode it somehow, since it's easy to attach a debugger and inspect the program's state while it's running. As a binary format, Java serialization will prevent non-technical users from deciphering it, and that's pretty much the best you can hope for.

如果代码在最终用户的系统上运行，那么不，没有办法阻止他们获取数据 - 甚至不值得花时间尝试以某种方式对其进行编码，因为很容易附加调试器并在程序运行时检查程序的状态跑步。作为一种二进制格式，Java 序列化将防止非技术用户对其进行破译，这几乎是您所希望的最好结果。

I've never used it myself, but I think that's what the JDK's java.util.prefs.Preferenceswas originally designed for.

我自己从未使用过它，但我认为这就是 JDK 的java.util.prefs.Preferences最初的设计目的。

You can use Propertiesfor storing information. If you want to make it secure, run it through some sort of encryption stream.

您可以使用属性来存储信息。如果您想使其安全，请通过某种加密流运行它。

You could use db4oto store the data. It's an object database and supports encryption.

您可以使用db4o来存储数据。它是一个对象数据库并支持加密。

Cryptography on files, or local database with password.

文件加密，或带密码的本地数据库。

You might be interested in Quick'n'dirty persistence for Java.

您可能对 Java 的 Quick'n'dirty 持久性感兴趣。

Some people suggested to use serialization. Beware that there are a number of disadvantages to serialization.

有人建议使用序列化。请注意，序列化有许多缺点。

• The versioning problem. If you change something in the classes that are serialized, then serialized files written with the old version of your program can't be read easily anymore.
• You don't know the exact file format. It will be really hard if you want to write a different program later, possibly in a different programming language, that needs to read the file.

• 版本问题。如果您更改序列化类中的某些内容，则无法再轻松读取使用旧版本程序编写的序列化文件。
• 您不知道确切的文件格式。如果你以后想写一个不同的程序，可能是用不同的编程语言，这需要读取文件，这将是非常困难的。

Serialization is not well-suited for long-term storage.

序列化不太适合长期存储。

I would suggest using a small, embedded database instead. (An embedded database is a database that runs in the same process as your program). Note that Sun's Java includes Java DB, which is a version of Apache Derby. There's also HSQLDB, which is another small and pure Java database that can be used as an embedded database.

我建议改用小型嵌入式数据库。（嵌入式数据库是与您的程序在同一进程中运行的数据库）。请注意，Sun 的 Java 包括Java DB，它是 Apache Derby 的一个版本。还有HSQLDB，它是另一个可用作嵌入式数据库的小型纯 Java 数据库。

XML as a serialization technique is more resilient to future changes in your program that will adjust the storage than binary formats such as Object Serialisation. However that would make it very readable and changeable by most users.

XML 作为一种序列化技术，比二进制格式（如对象序列化）更能适应程序中未来的变化，这些变化将调整存储。但是，这将使大多数用户非常容易阅读和更改。

A very simple compression/decompression would stop almost all users from getting at the actual contents of the data. The use of GZipInputStream/GZipOutputStream around your current writing stream will do the job. The more elaborate your defence against prying you get the more it will impact the users of your software.

一个非常简单的压缩/解压缩将阻止几乎所有用户获取数据的实际内容。在您当前的写入流周围使用 GZipInputStream/GZipOutputStream 将完成这项工作。您对窥探的防御越精细，它对软件用户的影响就越大。

How about serialization?

序列化怎么样？

It can't be read by the user and it's relatively easy.

它不能被用户读取，而且相对容易。

As others have said, there are a myriad of ways to serialize data. You can use something lightweight like SQLite or just plain serialization. Just realize that any attempts you make to encrypt the data can be defeated, especially in the case of Java code since it can be easily reversed.

正如其他人所说，有无数种方法可以序列化数据。你可以使用像 SQLite 这样轻量级的东西，或者只是简单的序列化。只要意识到您对数据进行加密的任何尝试都可能被挫败，尤其是在 Java 代码的情况下，因为它很容易被逆转。

However, if the bulk of your users are not technical enough to understand the complexities of reverse engineering a Java program to figure out how to decrypt your data, you should be able to get away with some basic encryption methods like what was mentioned in another answer and be good. Just realize that anytime anything resides on a machine you don't control, there is no way to keep the most persistent users from figuring out how to crack it.

但是，如果您的大部分用户技术水平不够，无法理解对 Java 程序进行逆向工程以找出如何解密数据的复杂性，那么您应该能够使用一些基本的加密方法，例如另一个答案中提到的方法并且很好。只要意识到任何时候任何东西驻留在您无法控制的机器上，就无法阻止最持久的用户弄清楚如何破解它。

I personally would suggest using sqlite and using some simple encryption on the data you put in the fields so if someone is smart enough to be able to connect to the local DB file, they still have to reverse your crypto algorithm in some manner. 99.9% of regular users won't bother with this level of investigation.

我个人建议使用 sqlite 并对您放入字段的数据使用一些简单的加密，因此如果有人足够聪明能够连接到本地数据库文件，他们仍然必须以某种方式反转您的加密算法。99.9% 的普通用户不会打扰这种级别的调查。