Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #6740

Re: Unsealing a jar file at runtime

Newsgroups comp.lang.java.programmer
From Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at>
Subject Re: Unsealing a jar file at runtime
References <f0b4a955-9046-4f5d-9fe1-1fc8feea535d@p31g2000vbs.googlegroups.com> <slrnj32hi4.6gl.avl@gamma.logic.tuwien.ac.at> <375b1210-8410-4f56-a2a9-69d63678bd8f@dc3g2000vbb.googlegroups.com>
Message-ID <slrnj3fvjs.6gl.avl@gamma.logic.tuwien.ac.at> (permalink)
Date 2011-08-02 13:41 +0000

Show all headers | View raw

raphfrk@gmail.com <raphfrk@gmail.com> wrote:
> On Jul 28, 12:21 pm, Andreas Leitgeb <a...@gamma.logic.tuwien.ac.at>
> wrote:
>> Breaking open a seal is typically easily done.
>> Reinstating someone else's seal on the changed
>> content is "believed" to be much harder. I also
>> believe that it is, but I'm no crypto-expert.
> I don't want to break/remake, just wanted to extend a private class.

Who is going to run the resulting code?

You, yourself? Fine! Remove the seal by changing the library's MANIFEST
removing the seal. Then run your code that places that one class into
the library's package and it will work - on your machine.

You want someone else, who got that library from a site he trusts,
to execute your code (injecting that class into the library's package)?
No go.  That's what the seal protects the customer against.

The seal is not about the jar-file, it is about the packages inside the 
jar-file, that are "protected" by the seal against other jar-files that
would attempt to inject their classes into foreign packages.

If the customer of your package trusts you well enough, you could 
persuade him into accepting and using a seal-removed version of that
library, though.

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Find similar

Thread

Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-07-28 02:36 -0700
  Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-07-28 11:21 +0000
    Re: Unsealing a jar file at runtime lewbloch <lewbloch@gmail.com> - 2011-07-29 13:42 -0700
    Re: Unsealing a jar file at runtime "raphfrk@gmail.com" <raphfrk@gmail.com> - 2011-08-01 14:48 -0700
      Re: Unsealing a jar file at runtime Eric Sosman <esosman@ieee-dot-org.invalid> - 2011-08-01 21:22 -0400
      Re: Unsealing a jar file at runtime Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2011-08-02 13:41 +0000

csiph-web