Re: Cracking String Encryption in Java Obfuscated Bytecode
- From: John GALLET <john.gallet@xxxxxxxxxx>
- Date: Fri, 24 Nov 2006 17:24:38 +0100 (CET)
Hi,
1) If you are deploying Java on the server you are protected by so many
layers, code obfuscation is not critical
If you want to distribute your app without people getting access to the
code itself, being on client or server is not relevant. Whatever the
reason for wanting to do so.
2) If you are deploying Java Applets for enterprise applications, you
are nuts. They are inherently insecure and Java applets have a long
history of critical problems.
So have cookies and javascript based web applications. Yet cookies are
used everywhere for anything/everything and "ajax" is the new big boy in
town. It is not because something is insecure that people don't use it in
the real world, not the perfect secure one.
You would be amazed of how many times I heard "it's useless to check again
the data on the [php|java|asp|perl] side, we already did it in JS" or "why
add a java middle-tier server side, we can obfuscate the jar file and have
the client PC talk directly to the database" (yeah sure, I'll make a
public, unencrypted, access for you guys).
From a security *threat* point of view, I agree that we could/should moreof these issues.
Same goes with PHP BTW.With the continuous move towards bytecode type of languages (with java
and .NET being the prime examples)
JG
- References:
- Re: Cracking String Encryption in Java Obfuscated Bytecode
- From: Jim Manico
- Re: Cracking String Encryption in Java Obfuscated Bytecode
- Prev by Date: Wolflab Burning Board Lite 1.0.2 two sql injections
- Next by Date: [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection
- Previous by thread: Re: Cracking String Encryption in Java Obfuscated Bytecode
- Next by thread: RE: Cracking String Encryption in Java Obfuscated Bytecode
- Index(es):
Relevant Pages
|
