Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #6727

Re: Unsealing a jar file at runtime

From Eric Sosman <esosman@ieee-dot-org.invalid>
Newsgroups comp.lang.java.programmer
Subject Re: Unsealing a jar file at runtime
Date 2011-08-01 21:22 -0400
Organization A noiseless patient Spider
Message-ID <j17jig$opf$1@dont-email.me> (permalink)
References <f0b4a955-9046-4f5d-9fe1-1fc8feea535d@p31g2000vbs.googlegroups.com> <slrnj32hi4.6gl.avl@gamma.logic.tuwien.ac.at> <375b1210-8410-4f56-a2a9-69d63678bd8f@dc3g2000vbb.googlegroups.com>

Show all headers | View raw

On 8/1/2011 5:48 PM, raphfrk@gmail.com wrote:
> On Jul 28, 12:21 pm, Andreas Leitgeb<a...@gamma.logic.tuwien.ac.at>
> wrote:
>> Breaking open a seal is typically easily done.
>> Reinstating someone else's seal on the changed
>> content is "believed" to be much harder. I also
>> believe that it is, but I'm no crypto-expert.
>
> I don't want to break/remake, just wanted to extend a private class.
>
> Anyway, I guess if it was possible it would be a major hole in the
> security system.

     Yes.  Also, it's well not to think of security solely in the form
of "denial," as in "That so-and-so won't let me get at his private
class!"  Think for a moment of the so-and-so (who might as well be
you), saying "I'm sure there's a better way to do this, but I don't
have time to research/develop/debug it right now.  I'll just put the
adequate-but-not-great solution in a private class, and in Version 2.0
I'll replace it with something better.  The replacement will be nothing
like the original, but that won't hurt anybody because it's a private
class so only my own code will need to adjust."

     In other words, the security you chafe at also protects YOU.

-- 
Eric Sosman
esosman@ieee-dot-org.invalid

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-07-28 02:36 -0700
  Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-07-28 11:21 +0000
    Re: Unsealing a jar file at runtime lewbloch <lewbloch@gmail.com> - 2011-07-29 13:42 -0700
    Re: Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-08-01 14:48 -0700
      Re: Unsealing a jar file at runtime Eric Sosman <esosman@ieee-dot-org.invalid> - 2011-08-01 21:22 -0400
      Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-08-02 13:41 +0000

csiph-web