There are java class obfuscators available for preventing this kind of thing. You can run a utility called tdump supplied with Borland's free compiler on dll's, etc, and explore them as well. Windows machines come with a now obscure program call debug from which anyone can explore what's in memory, etc. Just type in debug from a command prompt. It comes down to a basic fact that you can reverse just about everything, depending on how much time and resources you want to spend. Nothing is absolutely secure. Security is a relative thing. It sure is fun figuring out how things are put together though. Charles At 02:58 PM 4/5/2002 -0800, you wrote: >Only if you consider security-through-obscurity to be REAL(tm) security. > ><steven.sporenat_private> on 04/05/2002 05:17:19 AM > >To: vuln-devat_private >cc: >Subject: JAVA more insecure than true compiled code? > > > >Hi, > >I was wondering what people's thoughts are regarding the security of code >written in JAVA, I recently reverse engineered a product with a freely >available JAVA decoder and found that it produced code with variable names >imports etc, making it very easy to find out how it hung together. Could >this be construed as a security flaw with JAVA? > >Thoughts comments are appreciated. > > Steven >---------------------------------------------------------------- >The information transmitted is intended only for the person or entity to >which it is addressed and may contain confidential and/or privileged >material. Any review, retransmission, dissemination or other use of, or >taking of any action in reliance upon, this information by persons or >entities other than the intended recipient is prohibited. If you received >this in error, please contact the sender and delete the material from any >computer.
This archive was generated by hypermail 2b30 : Sat Apr 06 2002 - 09:22:14 PST