Page 2 of 2 FirstFirst 12
Results 21 to 28 of 28

Thread: Secure

  1. #21
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,949
    Rep Power
    19

    Default

    OK, so it's still accessible.
    That's no different to accessing it across a network...ie the class files have to be there.

  2. #22
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    SW Missouri
    Posts
    17,331
    Rep Power
    25

    Default

    make it unaccessable by your users,
    The server could have a login requirement before it would return a class file. That would add one more level of difficulty to someone getting at your class files.

  3. #23
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,949
    Rep Power
    19

    Default

    But hardly secure, largely because that password has to be on the client somewhere. This is what I mean when I say it's a largely pointless exercise.

    Run it on a server and have the client access that...of course, not knowing what it is that the thing does I have no idea if that's an option.

  4. #24
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    SW Missouri
    Posts
    17,331
    Rep Power
    25

    Default

    Right. I guess we're wasting our time until the OP explains what the app is supposed to do.
    My thoughts were that the code on the client would be a skeleton that only had code to log in and to load class files from the server. The server would NOT send class files to the client without the login. The password would be entered by the client during login. Once logged in the skeleton code would be able to load the "secure" class files for local execution.

  5. #25
    Emperor is offline Member
    Join Date
    Sep 2010
    Posts
    2
    Rep Power
    0

    Default

    Quote Originally Posted by Tolls View Post
    OK, so it's still accessible.
    That's no different to accessing it across a network...ie the class files have to be there.
    Do you understand how the URLClassLoader works?

    Yes, the class files have to be hosted, but that doesn't mean users can acces it.

    Anyways; I have fixed his problem and this thread is no longer needed.

  6. #26
    Norm's Avatar
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    SW Missouri
    Posts
    17,331
    Rep Power
    25

    Default

    the class files have to be hosted, but that doesn't mean users can acces it.
    Will an HTTP GET be able to read the class files?

  7. #27
    mrmatt1111's Avatar
    mrmatt1111 is offline Senior Member
    Join Date
    Aug 2009
    Location
    San Jose, CA, USA
    Posts
    320
    Rep Power
    6

    Default

    @Emperor

    How do you make the hosted class files inaccessible to someone and yet make them accessible to your application?

    If the files are hosted, i can figure out that link by decompiling the application running the URLClassLoader and then all i have to do is download it. Or i could just sniff the traffic and save the bytes to a file.

    If you try and encrypt i can still decompile the local key.

    It is simply not possible to prevent a user that has access a usable copy of a program to decompile it, if they really want to. Unless you offload the logic of the application to the server.
    My Hobby Project: LegacyClone

  8. #28
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,949
    Rep Power
    19

    Default

    Exactly.
    If the JVM can get at the class files then so can I.
    And the JVM cannot do a thing without access to the class files.

    Decompiling the class that is running the URLClassLoader, which has to be on my machine and so is available to decompile, will provide me with all the info I need to get at the classes, with not much effort frankly.

    As I said, it is little different to having the jar file on a different machine on my network.

    I doubt you've "fixed" his problem since his problem isn't actually fixable in the way he (or you) think.

    Norm: Yeah, that was my thinking (and the way essentially any web app works). The front end is simply a window onto the system that runs on a server somewhere. Yes, you can decompile the client, but you'll not get access to the inner workings of the code that way, just how your client interacts with the app that resides elsewhere.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. How Java is so secure than other?
    By makpandian in forum New To Java
    Replies: 4
    Last Post: 06-26-2009, 04:22 AM
  2. Secure FTP Wrapper 3.0.3
    By Java Tip in forum Java Software
    Replies: 0
    Last Post: 07-23-2008, 01:56 PM
  3. Secure FTP Wrapper 3.0.2
    By Java Tip in forum Java Software
    Replies: 0
    Last Post: 04-29-2008, 06:05 PM
  4. Secure FTP Applet 4.4
    By vglass in forum Java Software
    Replies: 0
    Last Post: 11-13-2007, 06:30 PM
  5. Secure FTP Factory 7.0
    By vglass in forum Java Software
    Replies: 0
    Last Post: 07-20-2007, 01:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •