 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / March 2004Java decompilation problem
Hello First I want to explain what I want to do. I have some experiment simulator. It takes init data and gives two number result. Users on www can add new/modify init data records. Simulator at deadline stars processing this data and assigns result numbers to each of them. That is a big abstraction of that what I really want to do :-) Simulator is written in Java and here my simple idea starts. I want to put simulator in java applet which will get initdata record from server and send result numbers to server. I will put small rect somewhere on the www, and when visitor will browse ower the site he will automaticaly help to speed up result numbers calculation process. It works in simple way: 1. applet gets unprocessed data from some address. Server marks this initdata as "beign externally processed". 2. applet makes experiment simulation 3. if he have result number he sends it with initdataID to server. Server marks this initdata as "processed". Also server makes internall simulations, but 100 visitors computers are better than one computer :) And now the PROBLEM :| Java Applet can be decompiled and some ugly person can modify it and destroy simulation process. How to avoid this situation? Java question: is there any way to make applet decompilation impossible? Need Your help! :D -- Regards Grzegorz On Fri, 26 Mar 2004 18:11:35 +0000 (UTC), "Grzegorz Tañczyk" <goliatus_NIECHE_SPAMU_@mmogspot.com> wrote or quoted : > Java question: is there any way to make applet decompilation > impossible? No. But you can natively compile an Application that talks on the web. see http://mindprod.com/nativecompiler.html http://mindprod.com/jgloss/obfuscator.html Natively compiled code is almost as hard as C++ to decompile. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Roedy Green <look-at-the-website@mindprod.com> wrote in news:oi5960l7rtj5cet3cblj46kjaddapit72l@ 4ax.com: <quote>You can't use native compilers on Applets. In theory you could compile your app as a DLL and make pure java hooks in to it. You would have to design your app as a dll, sign it, arrange for installation of the DLL. The game is hardly worth the candle.</quote> >> Java question: is there any way to make applet decompilation >> impossible? [quoted text clipped - 8 lines] > Coaching, problem solving, economical contract programming. > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. On Fri, 26 Mar 2004 18:11:35 +0000 (UTC), "Grzegorz Tañczyk" <goliatus_NIECHE_SPAMU_@mmogspot.com> wrote or quoted : > Java question: is there any way to make applet decompilation > impossible? here is another technique that gets a similar result. You reissue a slightly different version of the applet each day. Old versions cease to work. You send your poor hacker back to the drawing board each day. See http://mindprod.com/jgloss/obfuscator.html for the art of technical warfare. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. I thought about checking in serverside that does request comes from applet lanuched on mywebsite. Is such info sent by browser in request params? >> Java question: is there any way to make applet decompilation >> impossible? [quoted text clipped - 13 lines] > Coaching, problem solving, economical contract programming. > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. On Fri, 26 Mar 2004 22:33:46 +0000 (UTC), "Grzegorz Tañczyk" <goliatus_NIECHE_SPAMU_@mmogspot.com> wrote or quoted : >I thought about checking in serverside that does request comes from applet lanuched >on mywebsite. Is such info sent by browser in request params? You can set up a login mechanism. You can authenticate based on the sending IP. The HTTP server will let you set up password protected directories where you keep your Applet. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Grzegorz Tañczyk wrote: > Hello > [quoted text clipped - 18 lines] > Also server makes internall simulations, but 100 visitors computers > are better than one computer :) This plan sounds like http://www.md5crk.com/. > And now the PROBLEM :| > [quoted text clipped - 3 lines] > Java question: is there any way to make applet decompilation > impossible? Not really. You can try, but, unlike SSL, it can't be made secure. --Mike Amling > This plan sounds like http://www.md5crk.com/. Same way, but my goal is to make enjoyable internet game ;) Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.