
Java Forum / Security / February 2004


Is JAVA secure ?

Glodalec - 19 Feb 2004 10:02 GMT
Hi !

I have a basic question (which is actually more hypothetical). How secure
is Java regarding Java code. If for example I make a code, which connects
thru JDBC to some database, then I actually expose the way how to
connect (DSN, username, password). If I have an access to execute code,
then I actually have access to disassemble it to a nice source.
So the only way is to let the user enter such critical data on a fly
probably....
Tony Morris - 20 Feb 2004 01:01 GMT
> Hi !
>
[quoted text clipped - 5 lines]
> So the only way is to let the user enter such critical data on a fly
> probably....

JAVA [sic] is not an acronym, Java is a programming language.

If you were to write such an application, then you would certainly be
exposing a security hole.
This is not the fault of Java, this is the fault of the
developer/architect - it is poor form to do such a thing, in any language.

Usually, you require the user of your application to specify sensitive data
(such as passwords) in some more secure way, such as at application start
time.

Good luck !

Signature

Tony Morris
(BInfTech, Cert 3 I.T.)
Software Engineer
(2003 VTR1000F)
Sun Certified Programmer for the Java 2 Platform (1.4)
Sun Certified Developer for the Java 2 Platform
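
As an added example (not part of the thread or any poster's code): the approach described in the reply above, asking for the connection details at application start instead of compiling them into the class file. The class name and the commented-out literal values are constructed, and a JDBC driver for the target database is assumed to be on the classpath.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Properties;

public class StartupCredentials {

    // Weak form the thread warns about: string literals like these are stored
    // in the class file's constant pool and come back verbatim from a decompiler.
    // static final String URL      = "jdbc:odbc:ExampleDSN"; // constructed value
    // static final String USER     = "appuser";              // constructed value
    // static final String PASSWORD = "example-password";     // constructed value

    /** Collects connection details at start time; nothing sensitive is compiled in. */
    static Connection connect(Console console) throws SQLException {
        String url = console.readLine("JDBC URL: ");
        String user = console.readLine("User: ");
        char[] password = console.readPassword("Password: "); // input is not echoed
        if (url == null || user == null || password == null) {
            throw new SQLException("input stream closed before all values were read");
        }
        Properties props = new Properties();
        props.setProperty("user", user);
        // JDBC takes the password as a String, so one immutable copy is unavoidable.
        props.setProperty("password", new String(password));
        try {
            return DriverManager.getConnection(url, props);
        } finally {
            Arrays.fill(password, '\0'); // wipe the array copy we control
            props.remove("password");    // drop our reference to the String copy
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) { // no terminal attached, e.g. stdin is redirected
            System.err.println("No interactive console; not reading a password.");
            System.exit(2);
        }
        try (Connection c = connect(console)) {
            System.out.println("Connected to " + c.getMetaData().getDatabaseProductName());
        } catch (SQLException e) {
            System.err.println("Connection failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Decompiling this class shows how the program connects, but not to which database or with which account, because those values exist only in the running process.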

Glodalec - 20 Feb 2004 12:46 GMT
> > Hi !
> >
[quoted text clipped - 18 lines]
>
> Good luck !

Actually, password providing is one of the most sensitive data. But
revealing how actually program works is also branch to possible hacker
attack. If you use machine-code compilers, although if you use
disassembler, it is very difficult to read what the program is doing,
but when I got (can't tell which one) recently made Java Disassembler, it
produces much the same source code, as I wrote (except remark part).
So actually, I can reveal vendor's classes, get program functionality
and do my own one. This is almost the same case, as 15 years ago with
the Clipper programming language (which was also the code & interpreter).
It will be much more secure (probably) having Java CPUs & Operating systems
(which I don't know why, they stuck in a black hole)
Tony Morris - 20 Feb 2004 21:47 GMT
> > > Hi !
> > >
[quoted text clipped - 31 lines]
> be much more secure (probably) having Java CPU's & Operating systems
> (which I don't know why, they stuck in a black hole)

What are you getting at ?
Compiling sensitive data into bytecode (be it Java bytecode or native
bytecode) is poor form.
Why are you telling me this ?
I don't understand what it is you want to know.

Signature

Tony Morris
(BInfTech, Cert 3 I.T.)
Software Engineer
(2003 VTR1000F)
Sun Certified Programmer for the Java 2 Platform (1.4)
Sun Certified Developer for the Java 2 Platform

Olivier Chafik - 22 Feb 2004 14:18 GMT
>> > Hi !
>> >
[quoted text clipped - 32 lines]
> be much more secure (probably) having Java CPU's & Operating systems
> (which I don't know why, they stuck in a black hole)

Good obfuscators/shrinkers/renamers, such as ProGuard, can make it much
harder to disassemble Java bytecode, albeit never impossible. What will
hackers/crackers do with disassembled classes that all have self-explaining
names, fields and methods such as "C", "b.a0(a.a.A)"... They will find it
easier to re-write your app from clear ground !
So writing secure code is impossible, but you can generate so dirty classes
(they are even more dirty if you obfuscate your app and all its external
libraries at the same time) that whoever will disassemble them will vomit
in a minute.
Signature

°¤oOo¤°livier


