Re: Unsealing a jar file at runtime
On 8/1/2011 5:48 PM, raphfrk@gmail.com wrote:
On Jul 28, 12:21 pm, Andreas Leitgeb<a...@gamma.logic.tuwien.ac.at>
wrote:
Breaking open a seal is typically easily done.
Reinstating someone else's seal on the changed
content is "believed" to be much harder. I also
believe that it is, but I'm no crypto-expert.
I don't want to break/remake, just wanted to extend a private class.
Anyway, I guess if it was possible it would be a major hole in the
security system.
Yes. Also, it's well not to think of security solely in the form
of "denial," as in "That so-and-so won't let me get at his private
class!" Think for a moment of the so-and-so (who might as well be
you), saying "I'm sure there's a better way to do this, but I don't
have time to research/develop/debug it right now. I'll just put the
adequate-but-not-great solution in a private class, and in Version 2.0
I'll replace it with something better. The replacement will be nothing
like the original, but that won't hurt anybody because it's a private
class so only my own code will need to adjust."
In other words, the security you chafe at also protects YOU.
--
Eric Sosman
esosman@ieee-dot-org.invalid