This page contains an archived post to the Design Forum (formerly called the Flexible Java Forum) made prior to February 25, 2002.
security of applications with class reloading
Posted by Hamish Cunningham on September 01, 2000 at 6:35 AM
I have an application that makes public the class loader method
that takes an array of bytes etc. and returns a Class. It also
has a run-time compiler based on some (naughty) use of the
sun.tools package. Both of these seem to make the application
very insecure, particularly as it allows the loading of user code
(this code could potentially do anything it likes by using the
run-time compiler, or defineClass, to import other code that
doesn't conform to the interfaces that we allow to load).
The solution that I'm thinking of is: deliver the application as
a sealed jar file; make the run-time compiler and the defineClass
method only allow processing of classes that are in the same
package as the sealed jar contains.
Does this make any sense?
If you're interested, the application in question is at
Dr. Hamish Cunningham
Research Fellow in Computer Science, University of Sheffield
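The package-restricted wrapper around defineClass that the post proposes, as an added example rather than the poster's own code: a loader whose public entry point refuses bytecode unless its class name falls in an allow-listed package, and which relies on the JVM's own wrong-name check so that a caller cannot pass bytecode for another package under an allowed name. The class name RestrictedLoader, the package demo and the package plugins.allowed are assumptions made for the demo.

```java
package demo;

import java.io.InputStream;
import java.util.Set;

/** Hypothetical loader: untrusted bytes may only be defined into allow-listed packages. */
public class RestrictedLoader extends ClassLoader {
    private final Set<String> allowedPackages;

    public RestrictedLoader(ClassLoader parent, Set<String> allowedPackages) {
        super(parent);
        this.allowedPackages = allowedPackages;
    }

    /** The public replacement for an exposed defineClass(byte[]...) method. */
    public Class<?> defineUserClass(String name, byte[] bytes) {
        int dot = name.lastIndexOf('.');
        String pkg = dot < 0 ? "" : name.substring(0, dot);
        if (!allowedPackages.contains(pkg)) {
            throw new SecurityException("refusing " + name + ": package '" + pkg + "' not allowed");
        }
        // defineClass compares `name` with the class name stored in the bytecode and
        // throws NoClassDefFoundError ("wrong name") on a mismatch, so the package
        // check above cannot be bypassed by relabelling foreign bytecode.
        return defineClass(name, bytes, 0, bytes.length);
    }

    /** Constructed sample input: a harmless class whose bytes we read back from the classpath. */
    public static class Plugin { public String hello() { return "hi"; } }

    public static void main(String[] args) throws Exception {
        byte[] bytes;
        try (InputStream in = RestrictedLoader.class.getResourceAsStream("RestrictedLoader$Plugin.class")) {
            bytes = in.readAllBytes();
        }
        String name = Plugin.class.getName();                    // demo.RestrictedLoader$Plugin
        RestrictedLoader ok = new RestrictedLoader(null, Set.of("demo"));
        Class<?> c = ok.defineUserClass(name, bytes);           // accepted: package demo is allowed
        System.out.println("defined " + c.getName() + " in " + c.getClassLoader());
        RestrictedLoader strict = new RestrictedLoader(null, Set.of("plugins.allowed"));
        try {
            strict.defineUserClass(name, bytes);                 // rejected by our allow-list
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            ok.defineUserClass("demo.Renamed", bytes);          // name disagrees with the bytecode
        } catch (NoClassDefFoundError e) {
            System.out.println("rejected by JVM: " + e.getMessage());
        }
    }
}
```

Compile with `javac -d out demo/RestrictedLoader.java` and run `java -cp out demo.RestrictedLoader`; the loader is created with a null parent so the defined class resolves only bootstrap classes such as java.lang.Object.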