Security Basics mailing list archives
Re: HTML/Java protection
From: security () scovettadesign com
Date: 21 Sep 2005 13:31:26 -0000
First, I agree with the other responses. Generally speaking, a Java applet must be downloaded and is thus available by the client. One of the responses suggested executing code on the server. With sufficient rights on the client, you may be able to design an applet framework that will load bytecode dynamically from the server. This may mushroom into a huge project (rewriting class loaders, etc), and may not even be possible to actually do within a browser. Some code obfuscation tools might help a little as well. Some can produce "invalid" bytecode that tries to choke a decompiler. Another idea, use JNI to keep the stuff you want secret within a .DLL instead of the .class. You'll run into the same permissions problem as the first idea, so this may not work either. Hope that helps. Mike Scovetta
Current thread:
- HTML/Java protection confusionvalley (Sep 19)
- Re: HTML/Java protection Eduardo Kienetz (Sep 20)
- Re: HTML/Java protection Alexander Klimov (Sep 20)
- <Possible follow-ups>
- Re: Re: HTML/Java protection kikenico (Sep 22)
- Re: HTML/Java protection security (Sep 22)