Bugtraq mailing list archives
RE: Cracking String Encryption in Java Obfuscated Bytecode
From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Mon, 27 Nov 2006 06:49:49 -0800
Jim,

With all respect, I (partially) disagree with you:

> With respect, I disagree from a Java perspective.
> 1) If you are deploying Java on the server you are protected by so many layers, code obfuscation is not critical

True, but there are more reasons than just security for using obfuscation - reducing (but not eliminating!) the risk of reverse engineering, protection of intellectual property, etc. So if you're saying "code obfuscation is not critical FOR SECURITY" I agree, but not necessarily for other reasons.

> 2) If you are deploying Java Applets for enterprise applications, you are nuts. They are inherently insecure and Java applets have a long history of critical problems.

Well, this is true - but it's the wrong reason. As just about everyone on this list knows, relying on the client side to do security enforcement is inherently a losing proposition. And obfuscating the bytecode doesn't make client-side enforcement any more secure.

--Jeremy