Vulnerability Development mailing list archives

Re: JAVA more insecure than true compiled code?

From: "James Washer" <washer () us ibm com>
Date: Fri, 5 Apr 2002 14:58:57 -0800

Only if you consider security-through-obscurity to be REAL(tm) security.

<steven.sporen () za pwcglobal com> on 04/05/2002 05:17:19 AM

To:    vuln-dev () securityfocus com
cc:
Subject:    JAVA more insecure than true compiled code?

Hi,

I was wondering what people's thoughts are regarding the security of code
written in JAVA, I recently reverse engineered a product with a freely
available JAVA decoder and found that it produced code with variable names
imports etc, making it very easy to find out how it hung together. Could
this be construed as a security flaw with JAVA?

Thoughts comments are appreciated.

  Steven
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.

Current thread:

JAVA more insecure than true compiled code? steven.sporen (Apr 05)
- RE: JAVA more insecure than true compiled code? The Picard (Apr 07)
- Re: JAVA more insecure than true compiled code? -l0rt- (Apr 08)
- <Possible follow-ups>
- Re: JAVA more insecure than true compiled code? James Washer (Apr 05)
  - Re: JAVA more insecure than true compiled code? Charles Bell at home (Apr 06)
- Re: JAVA more insecure than true compiled code? Hack Hawk (Apr 07)
- Re: JAVA more insecure than true compiled code? dirk . dussart (Apr 08)