Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.programmer > #6727
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail |
|---|---|
| From | Eric Sosman <esosman@ieee-dot-org.invalid> |
| Newsgroups | comp.lang.java.programmer |
| Subject | Re: Unsealing a jar file at runtime |
| Date | Mon, 01 Aug 2011 21:22:50 -0400 |
| Organization | A noiseless patient Spider |
| Lines | 28 |
| Message-ID | <j17jig$opf$1@dont-email.me> (permalink) |
| References | <f0b4a955-9046-4f5d-9fe1-1fc8feea535d@p31g2000vbs.googlegroups.com> <slrnj32hi4.6gl.avl@gamma.logic.tuwien.ac.at> <375b1210-8410-4f56-a2a9-69d63678bd8f@dc3g2000vbb.googlegroups.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1; format=flowed |
| Content-Transfer-Encoding | 7bit |
| Injection-Date | Tue, 2 Aug 2011 01:23:28 +0000 (UTC) |
| Injection-Info | mx04.eternal-september.org; posting-host="f8igmItKsWs6nM5YanFxAA"; logging-data="25391"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/kSXIac3Bj0SRoUb3421h1" |
| User-Agent | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0 |
| In-Reply-To | <375b1210-8410-4f56-a2a9-69d63678bd8f@dc3g2000vbb.googlegroups.com> |
| Cancel-Lock | sha1:P4z2eY9baKoK9Pr8Ksu4bgMx0Ug= |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:6727 |
Show key headers only | View raw
On 8/1/2011 5:48 PM, raphfrk@gmail.com wrote:
> On Jul 28, 12:21 pm, Andreas Leitgeb<a...@gamma.logic.tuwien.ac.at>
> wrote:
>> Breaking open a seal is typically easily done.
>> Reinstating someone else's seal on the changed
>> content is "believed" to be much harder. I also
>> believe that it is, but I'm no crypto-expert.
>
> I don't want to break/remake, just wanted to extend a private class.
>
> Anyway, I guess if it was possible it would be a major hole in the
> security system.
Yes. Also, it's well not to think of security solely in the form
of "denial," as in "That so-and-so won't let me get at his private
class!" Think for a moment of the so-and-so (who might as well be
you), saying "I'm sure there's a better way to do this, but I don't
have time to research/develop/debug it right now. I'll just put the
adequate-but-not-great solution in a private class, and in Version 2.0
I'll replace it with something better. The replacement will be nothing
like the original, but that won't hurt anybody because it's a private
class so only my own code will need to adjust."
In other words, the security you chafe at also protects YOU.
--
Eric Sosman
esosman@ieee-dot-org.invalid
Back to comp.lang.java.programmer | Previous | Next — Previous in thread | Next in thread | Find similar
Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-07-28 02:36 -0700
Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-07-28 11:21 +0000
Re: Unsealing a jar file at runtime lewbloch <lewbloch@gmail.com> - 2011-07-29 13:42 -0700
Re: Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-08-01 14:48 -0700
Re: Unsealing a jar file at runtime Eric Sosman <esosman@ieee-dot-org.invalid> - 2011-08-01 21:22 -0400
Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-08-02 13:41 +0000
csiph-web