The Artima Developer Community

Legacy Design Forum
Designing with Dynamic Extension


This page contains an archived post to the Design Forum (formerly called the Flexible Java Forum) made prior to February 25, 2002. If you wish to participate in discussions, please visit the new Artima Forums.

Message:

same problem here.

Posted by Soumya Dutta on April 14, 2001 at 7:09 AM

Hi Hamish,
I would also like to know the answer to your question. I already have my classfile encrypted in some form and after decrypting, I have got the byte array which has the byte codes of the class file, but I am not able to make a Class object out of it. Please help.
Thanks in advance,
- Dutta.


> Hi

> I have an application that makes public the class loader method
> that takes an array of bytes etc. and returns a Class. It also
> has a run-time compiler based on some (naughty) use of the
> sun.tools package. Both of these seem to make the application
> very insecure, particularly as it allows the loading of user code
> (this code could potentially do anything it likes by using the
> run-time compiler, or defineClass, to import other code that
> doesn't conform to the interfaces that we allow to load).

> The solution that I'm thinking of is: deliver the application as
> a sealed jar file; make the run-time compiler and the defineClass
> method only allow processing of classes that are in the same
> package as the sealed jar contains.

> Does this make any sense?

> If you're interested, the application in question is at
> http://gate.ac.uk/

> Thanks,

> Dr. Hamish Cunningham
> Research Fellow in Computer Science, University of Sheffield
> http://www.dcs.shef.ac.uk/~hamish
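
An added example, not code from either poster or from the GATE project: a `ClassLoader` subclass that turns a byte array into a `Class` with `defineClass`, but only for names in one allowed package, as the quoted question proposes. The package `demo.plugins` and the names `RestrictedDefiner`, `define` and `Sample` are hypothetical.

```java
package demo.plugins; // hypothetical package standing in for the sealed jar's package
import java.io.IOException;
import java.io.InputStream;

/** Defines classes from raw bytes, but only inside one permitted package. */
public class RestrictedDefiner extends ClassLoader {
    private final String allowedPrefix; // e.g. "demo.plugins."
    public RestrictedDefiner(String allowedPackage, ClassLoader parent) {
        super(parent);
        this.allowedPrefix = allowedPackage + ".";
    }

    /** Byte array (e.g. after decryption) -> Class, with the package check first. */
    public Class<?> define(String binaryName, byte[] classBytes) {
        // The class must sit directly in the allowed package: correct prefix
        // and no further '.', which would mean a sub-package.
        if (!binaryName.startsWith(allowedPrefix)
                || binaryName.indexOf('.', allowedPrefix.length()) >= 0) {
            throw new SecurityException("package not allowed: " + binaryName);
        }
        // Passing the expected name makes the JVM compare it with the name stored
        // in the bytes; a mismatch throws NoClassDefFoundError, so a caller cannot
        // claim an allowed name while supplying a different class.
        return defineClass(binaryName, classBytes, 0, classBytes.length);
    }

    /** Constructed sample input: a class compiled together with this file. */
    public static class Sample { }

    public static void main(String[] args) throws IOException {
        byte[] bytes;
        try (InputStream in = RestrictedDefiner.class.getResourceAsStream("RestrictedDefiner$Sample.class")) {
            bytes = in.readAllBytes(); // Java 9+
        }
        RestrictedDefiner loader = new RestrictedDefiner("demo.plugins", RestrictedDefiner.class.getClassLoader());
        Class<?> c = loader.define("demo.plugins.RestrictedDefiner$Sample", bytes);
        System.out.println(c.getName() + " defined by " + c.getClassLoader().getClass().getSimpleName());
        try {
            loader.define("other.pkg.Evil", bytes); // outside the allowed package
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            loader.define("demo.plugins.Renamed", bytes); // name does not match the bytes
        } catch (NoClassDefFoundError e) {
            System.out.println("rejected by JVM: wrong name");
        }
    }
}
```

Save it as `demo/plugins/RestrictedDefiner.java`, compile, and run `java demo.plugins.RestrictedDefiner`.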





Replies:
