
Java Forum / Security / December 2003

Java is NOT appropriate for confidential code?

Masa Hokari - 04 Dec 2003 01:53 GMT
Hi,

I would like to hear opinions on my problem from those who
have been working on Java.

I am working on a small Java library to be used by a
number of products in my company. The library contains bit
sensitive code that we don't want everyone, especially
hackers, to look into. We have had equivalent C++
version and I just finished Java port. Now someone just
told me that Java programs are easy to reverse engineer
because you can easily know class/method/field names and
you can decompile byte codes. His recommendation is to use
JNI wrapper for C++ library!

So the question is: if Java programs are easy to reverse
engineer, what is the standard practice to make highly
confidential programs in Java? As far as I checked, there
are obfuscators that mangle class/method/field names. Is
this the only thing I can do? Or is Java intrinsically not
appropriate for highly confidential code compared to C++?

Thanks!

Masa
Roedy Green - 04 Dec 2003 06:55 GMT
>The library contains bit
>sensitive code that we don't want everyone, especially
>hackers, to look into.

There are many techniques to do psychological war with the pirates.

See http://mindprod.com/jgloss/obfuscator.html

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Ben_ - 04 Dec 2003 10:46 GMT
And with a good decompiler (http://members.fortunecity.com/neshkov/dj.html,
for example), you can see the difference.

Also search the comp.lang.java.programmer newsgroup, there have been
discussions in the past two months about pros & cons of obfuscation.
Juha Laiho - 04 Dec 2003 20:32 GMT
"Masa Hokari" <mhokari@adobe.com> said:
>The library contains bit sensitive code that we don't want everyone,
>especially hackers, to look into.

Are you perhaps resorting to security by obscurity, in a case where
you can't have real security?

So, for a program to be secure, it must be secure even when the source
code is released in public (like code for SSL, PGP, SSH, ...). Security
that relies on keeping the code secret is no security.

Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
        PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)


