| encrypted source file support in jdk? |
|
 |
Index ‹ java-programmer
|
- Previous
- 2
- 2
- US-CA: Senior Software Engineers (Java) wanted Immediately!Cataphora is an award winning software company providing technology and
services for high end litigations and investigations. Its customers
include Fortune 500 companies, governmental agencies, and top American
law firms. We pride ourselves on having been funded from the start
entirely by revenues, with no venture capital investment. At Cataphora,
your creativity and versatility will be focused on a wide variety of
software development challenges and developing cutting-edge algorithms
for analyzing very large datasets. We are more than 80 people strong,
and continue to grow our employee-owned San Francisco Bay area company
by providing superior technology to meet the needs of our customers.
This is an excellent growth opportunity for the right candidate in a
rapidly growing, self-funded pre-IPO start-up.
Required Skills
- At least 4 years experience dealing with middleware or enterprise
software applications
- 3 years of Java experience
- Strong analytical and problem solving skills
Desired Skills
- Strong database experience
- Demonstrated ability to develop algorithms for solving complex
problems
- Development experience with a web-based application using J2EE
technologies
To apply, please send your resume (inline preferred; RTF, Word Doc or
PDF otherwise) to: email***@***.com - subject: "EU-DE-M09".
If you have any questions, feel free to contact me:
email***@***.com
Regards,
Markus Morgenroth
- 5
- Response cache on the application serverIs it a good thing to cache the search result?
The metadata for our system can be as much as 100,000
I am trying to enable the response cache on the web server.
However, I am thinking about the problem i might meet.
When you cache the search result, is it possible the other
person throw the same condiiton and see the same result?
With our system there some security set for each row, so
if this happens there is a security leak.
MD
- 7
- A basic tomcat questionHi gang, Tomcat's not my area of expertise but I have to get some simple
things set up -- nothing fancy.
I'm having trouble getting classes & packages to work. The setup is Tomcat
5.5.4 & JDK1.5. I can get basic servlets and JSPs to work, but I'm having
trouble with user classes and packages. Here's an example:
tomcat\webapps\ROOT\Test\TestMovie.jsp
----------------------------------------
<#@ page import="testpackage" @>
<html>
<body>
<% Movie m = new Movie("Gone With the Wind", 1936, 19.95); %>
<%= m.title %>
</body>
</html>
tomcat\webapps\ROOT\Test\WEB-INF\classes\testpackage\Movie.java
-------------------------------------------------------------------------
package testpackage;
public class Movie
{
public String title;
public int year;
public double price;
public Movie(String title, int year, double price)
{
this.title = title;
this.year = year;
this.price = price;
}
}
I've googled this & read the documentation, everything seems to say put all
the classes in packages, create a folder for the package under
WEB-INF\classes, and put the class files in the package folder, and that
should do the trick. But I must have something else missing. Any ideas?
Also, I don't know if this is related, but is there a trick to using new
featured of Java 1.5 in a JSP? I can't get the following JSP to compile:
<%@ page import="java.util.*" %>
<html>
<head>
<title>You're breaking my concentration.</title>
</head>
<body>
<% ArrayList<String> s = new ArrayList<String>();
%>
</body>
</html>
It complains about the first < in the scriptlet. Does that have to be
escaped somehow?
TIA,
--D
- 8
- Forcing swing gui to be drawnHey, right now I have a program that analyzes an EKG when a button is
clicked. I want to pop up a progress bar in a new frame to show how far
it is, but I'm having problems. I can create the frame, and it will
appear, but it won't draw the progress bar until it is done executing
all of the other commands.
I ahve tried opening the frame with a separate thread, but it resulted
in the same problem. I guess there must be some draw queue that is on a
low priority, but I really have no idea why it isn't working.
Any help would be great... I show this at a science fair in 2 days.
Thanks!
-Thomas
- 9
- Java Native Interface - passing parameter array of different datatypesGreets!
Yesterday I googled for hours to find a tutorial how to call Java
methods from C++ native code. Unfortunately I didn't find anything
useful, the Java JNI documentation doesn't capture the functionality
of the JNI very well.
I want to do the following: I want to call a Java method from C++
code. The Java method has some parameters of different datatypes, like
public static boolean dosomething(int x, long y, String z)
for example. Is there any way to do this? The Call...Methods() take
the method ID and an array of parameters to pass to the function, but:
HOW TO CREATE AN ARRAY OF DIFFERENT DATATYPES???
It's only possible to create a new array calling something like
NewObjectArray() when passing a datatype given.... I think, the only
way to pass parameters of different datatypes from C++ to Java methods
is to create a new class containing all parameters necessary and to
pass the class as the one and only argument.
Any ideas?
Best Regards
Clemens
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
- 9
- How to convert Java class to exe files for performance?I have developped a java application (no awt involved) for my school research.
It's basically a scientific calculation program, which has huge loops.
Now it's very slow to run it in java/JIT.
I'd like to know if there are some existing free program to translate java
code(or class) to C code(or exe) since rewrite my code in C will take too long.
Has anyone used samilar converter before? Any suggestion is appreciated.
Thanks,
Wei
- 9
- Java Chat Recording.Hi,
A website I use has a chat room and it's chatter-side interface is a Java
application. The comments chatters post come thick and fast and, although
there is a scoll bar, it's no good scrolling down to see comments missed,
as, as soon as a new comment is posted, all the comments scroll up to it.
There is no cut-and-paste/recording facility. As it's possible to scroll
up and down the comments, there must be somewhere where the comments are
held. Would this be just in some sort of video buffer, a
constantly-appended file on my PC's disk drive or just in memory? Is there
any way to record the conversations? Have the output from the Java
application redirected to a file, etc?
Thanks in advance.
Yours,
Gary Hayward.
- 9
- JMF video frame sizeI need to know dimension of the media file played by
javax.media.bean.playerbean.MediaPlayer
I use the code you can see below:
FormatControl formatControl = (FormatControl)
this.mediaPlayer.getControl ("javax.media.control.FormatControl");
VideoFormat videoFormat = (VideoFormat) formatControl.getFormat();
return videoFormat.getSize();
mediaPlayer is known object from another class.
But I get formatControl == null.
It's very very strange, but just one time this code did work.
So I have no idea ... Someone else?
- 11
- 14
- Hibernate305: delete query fails with "must begin with SELECT or FROM"I'm using Hibernate 3.0.5, JDK 1.4.2, and Oracle 9i.
I'm following the Hibernate 3.0.5 docs to build a query to delete rows
from a table. My code looks something like this:
-----------------
String hql = "delete ReqField " +
"where fieldName = :fieldName and value
= :value";
Query query =
sessionFactory.getCurrentSession().createQuery(hql);
query.setString("fieldName", fieldName);
query.setString("value", value);
int deletedRows = query.executeUpdate();
-----------------
This fails with:
org.hibernate.QueryException: query must begin with SELECT or FROM:
delete [delete ReqField where fieldName = :fieldName and value
= :value]
What is wrong with my query?
- 14
- Parsing a test fileI'm pretty new to Java and have been assigned to parse a log file.
The file is tab delimited. I have several tokens that I need to look
for. I have to find all the rows that have "290" then check a column
within that row. That value must match a pattern. The pattern will be
stored in a db table, so the user can add muliple patterns. That item
will then be placed in a new file.
A good example would be awesome.
Thanks.
- 15
- URL in IFRAMELet's say I have a struts action at http://xyz.com/someAction.do and this
URL is referred from one IFRAME via "src" attribute of IFRAME. Is it
possible for me to detect inside someAction.do which page is embedding it in
an IFRAME? How can I do this?
et me put question in a different way, if I refer to Google API with this -
code:
------------------------------------------------------------------------------
<script
src="http://maps.google.com/maps?file=api&v=2.x&key=ABQIAAAAHuQre3TX-ZKoHs97iqelnBQn09xNixTqt4LnUZ12n-xJURxIHRRdLvNa4xtUwCJO0gkyTjCSRjfctQ"
type="text/javascript">
------------------------------------------------------------------------------
How does it know that the request is coming from domain xyz.com? It is not
purely based on the key - if I send same key from another domain, it doesn't
work! So how can I do that? Which header do I use? The referer header is
returned as null!
- manish
- 15
- Error passing Element to web serviceI'm upgrading from WebLogic 6.1 to WebLogic 8.1 SP 4.
We used to specify weblogic.soap.http.SoapInitialContextFactory and
weblogic.soap.encoding.factory to lookup the web service in the client.
Well, the SoapInitialContextFactory and CodecFactory classes are no
longer around. So now I've used clientgen to generate the stubs and
here is my client code:
MyWebService service = new MyWebService_Impl(wsdlurl);
MyWebServicePort port = service.getMyWebServicePort();
Element result = port.processIt(theElement);
However, I get the following error calling processIt:
java.rmi.RemoteException: web service invoke failed:
javax.xml.soap.SOAPException: failed to serialize interface
org.w3c.dom.Element weblogic.xml.schema.binding.SerializationException:
Failed to serialize Document due to the following error
weblogic.xml.stream.XMLStreamException: The local name of an attribute
cannot be null
...
Caused by: weblogic.xml.schema.binding.SerializationException: Failed
to serialize Document due to the following error
weblogic.xml.stream.XMLStreamException: The local name of an attribute
cannot be null
at
weblogic.xml.schema.binding.internal.builtin.DocumentCodec.serialize(DocumentCodec.java:76)
...
Here's the schema and xml file:
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://myproject.org/myproject_test.xsd"
xmlns:myproject_test="http://myproject.org/myproject_test.xsd"
elementFormDefault="qualified">
<element name="TEST">
<complexType>
<sequence>
<element ref="TEST_ID"/>
</sequence>
</complexType>
</element>
</complexType>
<element name="TEST_ID" type="string"/>
</schema>
<?xml version="1.0" encoding="UTF-8"?>
<TEST xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://myproject_test.xsd"
xsi:schemaLocation="http://myproject.org/myproject_test.xsd"
file:///N:/myproject/metadata/myproject_test.xsd">
<TEST_ID>ABCD1234</TEST_ID>
</TEST>
I've been testing with this bare minimum schema so that I can change
the namespaces and other things easily. The one and only thing that's
made a difference is when I take out the namespace stuff from the xml
file, it does get sent to the server. I.E.:
<?xml version="1.0" encoding="UTF-8"?>
<TEST>
<TEST_ID>ABCD1234</TEST_ID>
</TEST>
However, I can't leave it like that because the server doesn't know
what to do with it. Also, when the server tries to send the response,
it gets the same error as above.
weblogic.xml.stream.XMLStreamException: The local name of an attribute
cannot be null
at
weblogic.xml.babel.adapters.DOMAdapter.adaptAttribute(DOMAdapter.java:113)
at
weblogic.xml.babel.adapters.DOMAdapter.adaptElement(DOMAdapter.java:147)
...
javax.xml.soap.SOAPException: failed to serialize interface
org.w3c.dom.Element weblogic.xml.schema.binding.SerializationException:
Failed to serialize Document due to the following error
weblogic.xml.stream.XMLStreamException: The local name of an attribute
cannot be null
The web service also returns an Element, but it's a different type from
a different schema, which I haven't touched. So the server is having
the same problem as the client.
If I change the web service to receive and return only strings, it
works fine. But I haven't been able to figure out why it won't work
for the Element. Does this sound like a problem with my WebLogic
configuration, the schemas/xml files, the web service, the client? Is
there a way to tell what attribute it is complaining about?
Thanks,
Christy
- 16
- Bound Threads (Re: Process vs Thread: what are the consequences?)On Tue, 13 Nov 2007 16:04:12 +0000, Kenneth P. Turvey wrote:
> Just based on some experimentation I was doing, this doesn't seem to be
> true. I'm running Linux with the Sun JVM, and it didn't map each Java
> thread to a native thread until the Java thread was spending enough time
> executing. I was actually trying to get this mapping (1 to 1) and found
> it impossible to guarantee under Linux with the Sun JVM.
>
> Under Solaris there is the -XX:UseBoundThreads (or something similar) to
> get that behavior, but under Linux no such option exists.
>
> I will freely admit that my experiment could have been flawed, but it
> wasn't behaving as if it was using more than a single native thread. I
> suspect that the article above is out of date.
I hate to followup my own post, but I've been looking at this problem
again and I'm really just unhappy with how it works. Since this can so
easily be solved under Solaris, and Lew (I think?) mentioned that this is
all JVM dependent. I was hoping somebody could point me to a JVM that
runs under Linux that supports the -XX:UseBoundThreads option or something
similar. I want a 1:1 mapping between native threads and Java threads and
I just can't seem to get it.
Does anyone have any idea? (BTW, I checked IBM's JVM).
--
Kenneth P. Turvey <email***@***.com>
|
| Author |
Message |
Tom Forsmo
|
 Posted: 2007-9-27 20:18:00 |
Top |
java-programmer, encrypted source file support in jdk?
Hi
I an wondering if anybody knows if its possible to extend the
functionality of the sun java compiler/vm in jdk6, with for example
plugins or similar? or if the jdk supports something similar already?
What I am looking for is to set up a jdk environment where the source
code is ecrypted at the file level. This requires javac to be able to
en-/decrypt the source files. For further protection, the jvm would need
such support as well.
some details:
To answer the typical question first. For this scenario I am not
interrested in encrytpted filesystems, because it still leaves the
files vulnerable as long as the filesystem is mounted. The secrecy of
the files can still be compromised from hacking, virus, trojans, skype,
xss and all other sorts of system hacking. With encrypted files the
information in the files are still protected, even in the case a trojan
sends a file by email to somebody on the internet. Enctrypted
filesystems only help protect the integrity of the local system and the
disk while the system/disk is not running. Encrypted files help protect
the information during use as well.
I know there are many other issues as well, I'll be working throuhg it.
here is the list of the issues of most importance:
- en-/decryption support in
- ide / editor
- compiler
- code searching tools
- disassembler/debugger
- remove excess information from class files
- how to handle static content files
- html, css, jsp, configuration files for libraries and frameworks etc
- if class files are also encrypted
- en-/decryption support in the jvm runtime, covers tomcat, jboss etc.
- possible encrypted jar/war/ear files etc
- debugger
- information about classes must also be protected from prying
eyes who have obtained the class files and using the debugger to get
information.
|
| |
|
| |
|
Lew
|
| Posted: 2007-9-27 21:28:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Tom Forsmo wrote:
> Hi
>
> I an wondering if anybody knows if its possible to extend the
> functionality of the sun java compiler/vm in jdk6, with for example
> plugins or similar? or if the jdk supports something similar already?
>
> What I am looking for is to set up a jdk environment where the source
> code is ecrypted at the file level. This requires javac to be able to
> en-/decrypt the source files. For further protection, the jvm would need
> such support as well.
Use the encrypted file capability of your host operating system, or pipe the
source through a decryptor on the way to the compiler.
--
Lew
|
| |
|
| |
|
Tom Forsmo
|
| Posted: 2007-9-27 22:32:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Lew wrote:
> Tom Forsmo wrote:
>> Hi
>>
>> I an wondering if anybody knows if its possible to extend the
>> functionality of the sun java compiler/vm in jdk6, with for example
>> plugins or similar? or if the jdk supports something similar already?
>>
>> What I am looking for is to set up a jdk environment where the source
>> code is ecrypted at the file level. This requires javac to be able to
>> en-/decrypt the source files. For further protection, the jvm would
>> need such support as well.
>
> Use the encrypted file capability of your host operating system,
As I stated further down in the post, that is a solution which is not
relevant for this scenario. Becuase does not solve this problem.
> or pipe
> the source through a decryptor on the way to the compiler.
that is a possibility, if the tools used supports feeding the tool with
input through a pipe. I think that might be a problem in java since the
compiler requires files to be located in directories according to their
package names and directory structures can not be communicated through pipes
any solution would have to be integrated into the IDE so that the IDE
can cache keys so the user dont have to enter the password every time
and so that only the IDE environment has access to the decrypted files
(i.e. if its the tool that decrypts the password must be cached by the
tool for the user does not have to type the password everytime. If the
tool caches the password, then anybody can actually run the tool and get
unenecrypted access to the source code.
My current thinking is that it should be integrated at the application
level, i.e. the ide/tools(java, javac) since then the solution is
portable to all platforms. A solution made for the OS or as a middleman
script etc, can not necessarily be utilised on all platforms easily.
regards
tom
|
| |
|
| |
|
Nigel Wade
|
| Posted: 2007-9-27 22:50:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Tom Forsmo wrote:
> Hi
>
> I an wondering if anybody knows if its possible to extend the
> functionality of the sun java compiler/vm in jdk6, with for example
> plugins or similar? or if the jdk supports something similar already?
>
> What I am looking for is to set up a jdk environment where the source
> code is ecrypted at the file level. This requires javac to be able to
> en-/decrypt the source files. For further protection, the jvm would need
> such support as well.
>
> some details:
>
> To answer the typical question first. For this scenario I am not
> interrested in encrytpted filesystems, because it still leaves the
> files vulnerable as long as the filesystem is mounted. The secrecy of
> the files can still be compromised from hacking, virus, trojans, skype,
> xss and all other sorts of system hacking. With encrypted files the
> information in the files are still protected, even in the case a trojan
> sends a file by email to somebody on the internet. Enctrypted
> filesystems only help protect the integrity of the local system and the
> disk while the system/disk is not running. Encrypted files help protect
> the information during use as well.
>
> I know there are many other issues as well, I'll be working throuhg it.
> here is the list of the issues of most importance:
>
> - en-/decryption support in
> - ide / editor
> - compiler
> - code searching tools
> - disassembler/debugger
> - remove excess information from class files
> - how to handle static content files
> - html, css, jsp, configuration files for libraries and frameworks etc
> - if class files are also encrypted
> - en-/decryption support in the jvm runtime, covers tomcat, jboss etc.
> - possible encrypted jar/war/ear files etc
> - debugger
> - information about classes must also be protected from prying
> eyes who have obtained the class files and using the debugger to get
> information.
If you are that paranoid, why are you
a) running Windows
b) connected to the Internet?
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : email***@***.com
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
|
| |
|
| |
|
Tom Forsmo
|
| Posted: 2007-9-27 23:04:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Nigel Wade wrote:
> If you are that paranoid, why are you
> a) running Windows
I am not running windows.
> b) connected to the Internet?
Thats quite a naive statement. do you actually think industrial
espionage does not exists? The biggest threat to internet security these
days are all the viruses, trojans etc which are now developed by
international organised crime to extort money or sell information.
The only way to reduce the risk of these malwares are by encrypting the
actual files.
regards
tom
|
| |
|
| |
|
Daniel Dyer
|
| Posted: 2007-9-27 23:40:00 |
Top |
java-programmer >> encrypted source file support in jdk?
On Thu, 27 Sep 2007 13:17:55 +0100, Tom Forsmo <email***@***.com> wrote:
> I know there are many other issues as well, I'll be working throuhg it.
> here is the list of the issues of most importance:
>
> - en-/decryption support in
...
> - disassembler/debugger
> - remove excess information from class files
You can do this bit with an obfuscator, such as Proguard
(http://proguard.sourceforge.net).
> - if class files are also encrypted
> - en-/decryption support in the jvm runtime, covers tomcat, jboss etc.
> - possible encrypted jar/war/ear files etc
> - debugger
> - information about classes must also be protected from prying
> eyes who have obtained the class files and using the debugger to get
> information.
This is a common suggestion for protecting class files but it won't work
(see
http://www.javaworld.com/javaworld/javaqa/2003-05/01-qa-0509-jcrypt.html).
Dan.
--
Daniel Dyer
http://www.uncommons.org
|
| |
|
| |
|
Lew
|
| Posted: 2007-9-27 23:49:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Tom Forsmo wrote:
> The biggest threat to internet security these
> days are all the viruses, trojans etc which are now developed by
> international organised crime to extort money or sell information.
> The only way to reduce the risk of these malwares are by encrypting the
> actual files.
Some combination of the JSE 6 javax.tools package interfaces (JSR 199 compiler
API) and the new support for encryption should give you the capability you desire.
--
Lew
|
| |
|
| |
|
bcd
|
| Posted: 2007-9-28 0:01:00 |
Top |
java-programmer >> encrypted source file support in jdk?
In article <fdg739$6g8$email***@***.com>, Tom Forsmo <email***@***.com> wrote:
>Hi
>
>I an wondering if anybody knows if its possible to extend the
>functionality of the sun java compiler/vm in jdk6, with for example
>plugins or similar? or if the jdk supports something similar already?
>
> (...)
> - debugger
> - information about classes must also be protected from prying
>eyes who have obtained the class files and using the debugger to get
>information.
If you are looking to protect your code from the owner/user of the
system, then you can only do this if all the software that is capable
of decrypting your ciphertext /and/ all instances of decrypted
cleartext are run and stored on a piece of hardware that is
effectively under your control.
You might achieve this by giving the user a dongle with a processor in
it (a SmartCard perhaps) that is actually running the software and
presenting /only/ the final results of the software's computations to
the computer. Not knowing what your software actually does, I can't
comment on what sort of protocols you'd need in order to achieve this.
Or you might require the user to be online and use an internet site of
yours as a "remote dongle" where everything is actually run. This
effectively converts your software into a web-application-like animal.
Cheers
Bent D
--
Bent Dalager - email***@***.com - http://www.pvv.org/~bcd
powered by emacs
|
| |
|
| |
|
rossum
|
| Posted: 2007-9-28 1:56:00 |
Top |
java-programmer >> encrypted source file support in jdk?
On Thu, 27 Sep 2007 14:17:55 +0200, Tom Forsmo <email***@***.com> wrote:
>Hi
>
>I an wondering if anybody knows if its possible to extend the
>functionality of the sun java compiler/vm in jdk6, with for example
>plugins or similar? or if the jdk supports something similar already?
>
>What I am looking for is to set up a jdk environment where the source
>code is ecrypted at the file level. This requires javac to be able to
>en-/decrypt the source files. For further protection, the jvm would need
>such support as well.
Encryption is a solution to a problem. Since I am not clear what your
roblen is then is is difficult for me to suggest a solution, or even
if encryption is the right solutin to your problem.
You want to protect your source files. Why? Do you have some
super-secret algorithm in your program that a competitor wants to get
their hands on?
Are you writing a virus that you want to encrypt so that it avoids
virus detectors?
Do you want to stop people copying your code and running it without
paying you?
If you are so interested in keeping your source code secret, then why
are you using Java? C++ with a highly optimising compiler will do
more to obscure the source code than any Java obfuscator.
>
>some details:
>
>To answer the typical question first. For this scenario I am not
>interrested in encrytpted filesystems, because it still leaves the
>files vulnerable as long as the filesystem is mounted. The secrecy of
>the files can still be compromised from hacking, virus, trojans, skype,
>xss and all other sorts of system hacking. With encrypted files the
>information in the files are still protected, even in the case a trojan
>sends a file by email to somebody on the internet.
No. Any piece of memory can be copied to the swap file, so in
principle anything that is in memory can also appear on disk. Since
at some point the executable byte code, and the executable machine
code, must be in memory then the level of security you seem to be
looking for is not possible.
>Enctrypted filesystems only help protect the integrity of the local system and the
>disk while the system/disk is not running. Encrypted files help protect
>the information during use as well.
>
>I know there are many other issues as well, I'll be working throuhg it.
>here is the list of the issues of most importance:
>
>- en-/decryption support in
> - ide / editor
> - compiler
> - code searching tools
Do you want to encrypt your source files during development as well as
during operation?
>- disassembler/debugger
> - remove excess information from class files
As I said, use C++ or another compiled language instead of Java and
this problem goes away.
>- how to handle static content files
> - html, css, jsp, configuration files for libraries and frameworks etc
Easy enough to encrypt or obscure - anything from ROT13 to AES
depending on what you are hiding them from. ROT13 will protect from
your kid sister, AES (properly used) will protect from Nasty Megacorp
Inc.
rossum
>- if class files are also encrypted
> - en-/decryption support in the jvm runtime, covers tomcat, jboss etc.
> - possible encrypted jar/war/ear files etc
> - debugger
> - information about classes must also be protected from prying
>eyes who have obtained the class files and using the debugger to get
>information.
|
| |
|
| |
|
Joshua Cranmer
|
| Posted: 2007-9-28 5:14:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Tom Forsmo wrote:
>> or pipe the source through a decryptor on the way to the compiler.
>
> that is a possibility, if the tools used supports feeding the tool with
> input through a pipe. I think that might be a problem in java since the
> compiler requires files to be located in directories according to their
> package names and directory structures can not be communicated through
> pipes
Look into the javax.tools package (since Java 6).
> any solution would have to be integrated into the IDE so that the IDE
> can cache keys so the user dont have to enter the password every time
> and so that only the IDE environment has access to the decrypted files
> (i.e. if its the tool that decrypts the password must be cached by the
> tool for the user does not have to type the password everytime. If the
> tool caches the password, then anybody can actually run the tool and get
> unenecrypted access to the source code.
Integrating into IDEs is a whole other can of worms...
> My current thinking is that it should be integrated at the application
> level, i.e. the ide/tools(java, javac) since then the solution is
> portable to all platforms. A solution made for the OS or as a middleman
> script etc, can not necessarily be utilised on all platforms easily.
... except it might be worthwhile to create pseudo-javac's that executes
some Java code that uses javax.tools.
If you really want to get down and dirty, start going through the Java
source code with regard to the stuff in tool.jar
--
Beware of bugs in the above code; I have only proved it correct, not
tried it. -- Donald E. Knuth
|
| |
|
| |
|
Roedy Green
|
| Posted: 2007-9-28 6:28:00 |
Top |
java-programmer >> encrypted source file support in jdk?
On Thu, 27 Sep 2007 14:17:55 +0200, Tom Forsmo <email***@***.com> wrote,
quoted or indirectly quoted someone who said :
>What I am looking for is to set up a jdk environment where the source
>code is ecrypted at the file level. This requires javac to be able to
>en-/decrypt the source files. For further protection, the jvm would need
>such support as well.
You can either do this with JCE, see
http://mindprod.com/jgloss/jce.html
If your files are short, and you want a lightweight solution that uses
public key cryptography without needing the JCE library installed, see
http://mindprod.com/products1.html#TRANSPORTER
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
|
| |
|
| |
|
Roedy Green
|
| Posted: 2007-9-28 6:30:00 |
Top |
java-programmer >> encrypted source file support in jdk?
On Thu, 27 Sep 2007 14:17:55 +0200, Tom Forsmo <email***@***.com> wrote,
quoted or indirectly quoted someone who said :
>I an wondering if anybody knows if its possible to extend the
>functionality of the sun java compiler/vm in jdk6, with for example
>plugins or similar? or if the jdk supports something similar already?
other things to look into:
1. ZIP encryption. http://mindprod.com/jgloss/zip.html
2. Secure Thumbdrives with a en embedded private key
http://mindprod.com/bgloss/thumbdrive.html
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
|
| |
|
| |
|
tom forsmo
|
| Posted: 2007-9-28 14:26:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Daniel Dyer wrote:
> On Thu, 27 Sep 2007 13:17:55 +0100, Tom Forsmo <email***@***.com> wrote:
>> - if class files are also encrypted
>
> This is a common suggestion for protecting class files but it won't work
> (see
> http://www.javaworld.com/javaworld/javaqa/2003-05/01-qa-0509-jcrypt.html).
Not quite, the scenario described in that article is for when you sell a
binary and want to protect the binary. Of course, that would not work
because the users must have the password to decrypt the files in the
classloader and of course anybody can listen in if they have the password.
My scenario is for protecting source/class files where only a limited
number of people have access to it, such as for internal use during
development of a new product etc. or if you dont sell the code, but
sell a web service that only you provide. In such situations class files
can be protected on the server with this scheme.
But you will allways have the problem of protecting the machine from
directed hacking, so they can not tamper with your rt environment or
similar. but that is allways a concern. If they have root access its
difficult to protect from anythin, unless you start using ACLs and
role-based security (used in military systems).
regards
tom
|
| |
|
| |
|
tom forsmo
|
| Posted: 2007-9-28 14:31:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Bent C Dalager wrote:
> In article <fdg739$6g8$email***@***.com>, Tom Forsmo <email***@***.com> wrote:
>> Hi
>>
>> I an wondering if anybody knows if its possible to extend the
>> functionality of the sun java compiler/vm in jdk6, with for example
>> plugins or similar? or if the jdk supports something similar already?
>>
>> (...)
>> - debugger
>> - information about classes must also be protected from prying
>> eyes who have obtained the class files and using the debugger to get
>> information.
>
> If you are looking to protect your code from the owner/user of the
> system, then you can only do this if all the software that is capable
> of decrypting your ciphertext /and/ all instances of decrypted
> cleartext are run and stored on a piece of hardware that is
> effectively under your control.
What I was thinking of here was if somebody had illegally obtained the
class files, and using debugging to reverse engineer the code. The usage
scenario is that the class files are not public either, therefor no one
should have a copy of the class files either, except for the people
working in the company that owns the code.
Its not about protecting binaries sold to customer. Its about protecting
IP of internal projects in progress, in the same way you would protect
marketing plans etc.
regards
tom
|
| |
|
| |
|
tom forsmo
|
| Posted: 2007-9-28 14:43:00 |
Top |
java-programmer >> encrypted source file support in jdk?
rossum wrote:
> On Thu, 27 Sep 2007 14:17:55 +0200, Tom Forsmo <email***@***.com> wrote:
>
> Encryption is a solution to a problem. Since I am not clear what your
> roblen is then is is difficult for me to suggest a solution, or even
> if encryption is the right solutin to your problem.
>
> You want to protect your source files. Why? Do you have some
> super-secret algorithm in your program that a competitor wants to get
> their hands on?
Sorry to have to say this, but why is none of your business.
Every company has its intelectual property it wants to protect, if not
then lets just open all gateways and firewalls. That does not seem right
does it?
Try a little more open minded thinking next time you ask questions, dont
just assume the person you are talking to is asswipe.
> Are you writing a virus that you want to encrypt so that it avoids
> virus detectors?
>
> Do you want to stop people copying your code and running it without
> paying you?
>
> If you are so interested in keeping your source code secret, then why
> are you using Java? C++ with a highly optimising compiler will do
> more to obscure the source code than any Java obfuscator.
read the original post a little close or read my other replys, maybe you
find some asnwers.
>> some details:
>>
>> To answer the typical question first. For this scenario I am not
>> interrested in encrytpted filesystems, because it still leaves the
>> files vulnerable as long as the filesystem is mounted. The secrecy of
>> the files can still be compromised from hacking, virus, trojans, skype,
>> xss and all other sorts of system hacking. With encrypted files the
>> information in the files are still protected, even in the case a trojan
>> sends a file by email to somebody on the internet.
> No. Any piece of memory can be copied to the swap file, so in
> principle anything that is in memory can also appear on disk. Since
> at some point the executable byte code, and the executable machine
> code, must be in memory then the level of security you seem to be
> looking for is not possible.
That is why i mentioned encrypted filessystem to protect the system, and
that includes protecting swap as well.
>
>> Enctrypted filesystems only help protect the integrity of the local system and the
>> disk while the system/disk is not running. Encrypted files help protect
>> the information during use as well.
>>
>> I know there are many other issues as well, I'll be working throuhg it.
>> here is the list of the issues of most importance:
>>
>> - en-/decryption support in
>> - ide / editor
>> - compiler
>> - code searching tools
> Do you want to encrypt your source files during development as well as
> during operation?
at least until the product is released to the public.
regards
tom
|
| |
|
| |
|
Andrew Thompson
|
| Posted: 2007-9-28 15:41:00 |
Top |
java-programmer >> encrypted source file support in jdk?
tom forsmo wrote:
..
>Sorry to have to say this, but why is none of your business.
Sure, but then your *original* question becomes none
of our business (or particular concern) either.
If you have a question that is so secret and special that
the details can only be shared with trusted persons, it is
best to take it to a consultant or help desk.
This, on the other, is a discussion forum, so if you post
here, please be prepared to discuss the matter.
--
Andrew Thompson
http://www.athompson.info/andrew/
Message posted via JavaKB.com
http://www.javakb.com/Uwe/Forums.aspx/java-setup/200709/1
|
| |
|
| |
|
Roedy Green
|
| Posted: 2007-9-28 16:11:00 |
Top |
java-programmer >> encrypted source file support in jdk?
>What I am looking for is to set up a jdk environment where the source
>code is ecrypted at the file level.
You might also be thinking about obfuscating.
See http://mindprod.com/jgloss/obfuscator.html
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
|
| |
|
| |
|
tom forsmo
|
| Posted: 2007-9-28 16:22:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Andrew Thompson wrote:
> tom forsmo wrote:
> ..
>> Sorry to have to say this, but why is none of your business.
>
> Sure, but then your *original* question becomes none
> of our business (or particular concern) either.
I am asking how to keep specified things secret, and that is certainly
something I am willing to discuss. What the particular source code I
want to keep secret is, is nobodys business. Thats why its called a secret.
regards
tom
|
| |
|
| |
|
Roedy Green
|
| Posted: 2007-9-28 17:04:00 |
Top |
java-programmer >> encrypted source file support in jdk?
On Fri, 28 Sep 2007 08:42:41 +0200, tom forsmo <email***@***.com>
wrote, quoted or indirectly quoted someone who said :
>Try a little more open minded thinking next time you ask questions, dont
>just assume the person you are talking to is asswipe.
Quite often people want to spend huge amounts protecting software that
nobody wants to pirate. They think it is just the thing to do. There
are legal remedies as well.
Usually all you want is just to make it more expensive to crack your
code than compose it from scratch. The problem is, even with native
compilation, all you can do is slow down a determined hacker. After
all, the CPU has to crack the code to run it, so in principle all the
information needed is also available to the hacker.
To block brute force attacks you pretty well have to make the program
mutate and get fresh information frequently from the net, information
the hacker does not have in advance.
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
|
| |
|
| |
|
tom forsmo
|
| Posted: 2007-9-28 17:41:00 |
Top |
java-programmer >> encrypted source file support in jdk?
Roedy Green wrote:
> On Fri, 28 Sep 2007 08:42:41 +0200, tom forsmo <email***@***.com>
> wrote, quoted or indirectly quoted someone who said :
>
>> Try a little more open minded thinking next time you ask questions, dont
>> just assume the person you are talking to is asswipe.
>
> Quite often people want to spend huge amounts protecting software that
> nobody wants to pirate. They think it is just the thing to do. There
> are legal remedies as well.
First of all, when you create something you hope it will be of interest
to others. So the only resonable thing to do is to protect it as best
you can (unless its an open source project). If you create something
that is going into a market with f.ex. intense competition and you are
certain that BigDollars are going to notice and perhaps copy, then legal
remedies does not help you. since the legal system is slow and by the
time its finished there, they might have copied all your ideas, bundled
it with their systems and marketing plans, made you spend so much money
on legal stuff that you are unable to actually do something in the
market or even develop the product furhter. And by the time the case is
over, they have 100 million customers using their solution while you are
broke and the company has next to no market share.
To explain again, what I am looking for is a way to protect the SOURCE
CODE and CLASS FILES during DEVELOPMENT, that means only when the code
is in-house. I am not talking about protecting class files distributed
to the public.
It could perhaps be of interrest to protect the class files, but thats
only relevant if I am the only one with access to the class files, for
example when of I provide a web service where the class files are never
distributed to the public.
> Usually all you want is just to make it more expensive to crack your
> code than compose it from scratch. The problem is, even with native
> compilation, all you can do is slow down a determined hacker. After
> all, the CPU has to crack the code to run it, so in principle all the
> information needed is also available to the hacker.
>
> To block brute force attacks you pretty well have to make the program
> mutate and get fresh information frequently from the net, information
> the hacker does not have in advance.
I dont agree that just because you cant get 100% security, you should
abstain from any security.
regards
tom
|
| |
|
| |
|
| |
|
Index ‹ java-programmer |
- Next
- 1
- Returning a reference to an objectHi,
I've created a class to implement a state machine, so it's got a State
attribute. It has algo got a private java.util.Stack attribute.
In order to work, State classes need to access the stack to push and pop
data, etc.
To access it from State, I have wrote a method called getStack() which
returns a reference to the stack, but I think this is not recommended
beacause all objects sharing the reference can modify it, and led to errors
difficult to debug, etc. Returning a stack's clone is not valid solution,
as I have to make changes on the real one.
So my question is, is there a cleaner way to do this?
Thank you very much
--
PGR
- 2
- Junit tests, setting up tests without having to create a billion methodsJames McGill wrote:
> On Wed, 2006-02-15 at 19:42 +0000, Andrew McDonagh wrote:
>
>>email***@***.com wrote:
>>
>>>Is there a more dynamic way of setting up tests? We have legacy test
>>>code that we are trying to convert to junit.
>
>
> I really enjoyed using Fitnesse. A whole different idiom for testing,
> but very flexible and accessible to nonprogrammers.
>
> http://fitnesse.org/
>
>
> Anyway, it sounds like you're working backwards. You've already written
> the code you want to test, which is backwards from TDD, which sort of
> means JUnit isn't exactly the right tool for what you're doing. Still
> it occurs to me that you should be able to automatically generated
> wrappers for your legacy tests, and put those into a testsuite, and be
> done with the legacy stuff and move forward with JUnit.
>
>
>
Hi James,
You seem have have attributed the OPs remarks to me...
That being said, the OP is specifically talking about the case where we
have a legacy code base which wasn't tested with Junit - not that it
wasn't tested. There's no mention of whether TDD was used or not -
though I think we both suspect it wasn't and that the code base was
merely Unit Tested.
Unfortunately, working with legacy code is currently the most common
starting point on projects that adopt TDD. Greenfield projects using TDD
are still rare.
Also, keep in mind, whilst JUnit was developed as a tool to Aid TDD,
Beck et al do realise that some people won't or can't do TDD but still
need a decent Unit Testing tool.
As I'm sure you know - but as an aid for others - TDD is not Unit Testing.
TDD is actually a design methodology that happens to use unit tests to
describe the design. Much like RUP uses UML, etc. In fact this usage of
the term Test has causes so many to concentrate on the testing side of
TDD that some are now starting to question whether a better name could
be found.
e.g.
Behavior Driven Development (http://behaviour-driven.org/)
Specification Driven Development
etc.
Andrew
- 3
- eclipse, integrating crystal reports plugin with rcp appHello,
I have got a problem, I have to integrate Crystal Reports plugin with
my RCP app. I want Crystal Reports perspective aviable in my
application.
I've downloaded crystal reports plugin, and unpacked it to my_rcp_app
\plugins,
and I've run eclipse with -clear flag. but crystal reports plugin
isn't visible in Plug-In details window.
How can I cope with that problem ?
Is the any tutorial, or sth. about integrating plugins with RCP app ?
thanks a lot for any help
- 4
- TRYING TO CREATE A SIMPLE FORM. HELP HELP HELP!!!!trying to make a simple form, just an empty window with no button.
ive tried this
import javax.swing.*;
import java.awt.*;
import java.util.List;
import java.util.*;
public class Canvas
{
private static Canvas canvasSingleton;
public static Canvas getCanvas()
{
if(canvasSingleton == null) {
canvasSingleton = new Canvas("BlueJ Shapes Demo", 300, 300,
Color.white);
}
canvasSingleton.setVisible(true);
return canvasSingleton;
}
}
but it doesnt work :( any ideas guys?
- 5
- Open source Java on the way! (Re: BEA Weblogic blows away .NET, other J2EE servers in review by PC magazine)"codewriter" <email***@***.com> wrote in message news:<Swd1b.4631$email***@***.com>...
> Java days are numbered. Dot Net is going to take over. This is the reality.
> So, you guys better get some C# books before it is too late.
> Amen.
ROTFLOL!
how many times did i hear this from j++ guys awhiles back, and even
from some ASP and COM jocks in AT&T (where i worked) in 1997(?) or so.
guess what happened? i'm still laughing my way to the bank and they're
trying to figure out c#/vb.net - the old microsoft treadmill,
methinks....
http://www.angrycoder.com/article.aspx?cid=1&y=2003&m=7&d=17
believe me, java will still be here years from now when microsoft has
moved on to the next BIG THING (dragging along all the developer
baggage for the ride - most of whom will be c#/vb.net developers in
india, no doubt).
in the meantime, some interesting news:
it seems sun may not be so stupid after all, and is working very
closely with open source organizations like apache and red hat to
spread java.
after apache announced a few weeks ago that it would be creating its
own open source J2EE app server, red hat announced that it was
planning on an open source java, with sun's blessing.
http://www.freeroller.net/page/kalimantan/20030822#red_hat_and_sun_to
methinks microsoft is in very big trouble.
- 6
- [POLL] Dropping support for old SpiderMonkeysHi,
as JavaScript.pm development is moving again I'm considering dropping
support for older SpideyMonkey and focusing on 1.7 and later (the one
used in FF 2.0).
Instead on having to download and install SM manually I was planning
on putting up a source release of the SM 1.7 engine on my server and
add the possibility for Makefile.PL to download and install it.
Alternatively I can bundle the source with JavaScript.pm. You will
still however have the possibility to build against your own SM src.
This way we can better control availability of utf8, threading and
e4x (and future stuff too).
Does this sound like a good idea?
Thanks
/Claes
- 7
- Read the index of item with X value.On Mar 26, 10:42 pm, "Mariano" <email***@***.com> wrote:
> I've a ComboBox ..
>From where? There is no ComboBox in the JSE.
Are you perhaps referring to java.awt.Choice,
or javax.swing.JComboBox?
..
> How could I resolve?
1) Be specific about the classes used, rather
than simply 'making the names up, as you go along'
2) ..
Andrew T.
- 8
- jigsaw's jdbmI like that I can use the jigsaw outside if jdbm. For
writing j2me (personal java) that don't have any sort
of record manager on the device I want to also use
jdbm there. However jdbm requires some of the file
classes that are not universally available within
j2me. I don't have the error posting just now (stupid
me) from javac to show what's missing. Has anyone
worked through this or have another idea for an
embedded data (flatfile) manager for j2me?
Mike
- 9
- looking for some hands on experience... i have bought and read LEARNING JAVA by niemeyer
i loved it but find i need some hands on experience.
any help?
kevin
--
Sometimes I'm in a good mood.
Sometimes I'm in a bad mood.
When all my moods have cum to pass
i hope they bury me upside down
so the world can kiss me porcelain,
white, Irish bottom.
- 10
- Licence code storing for java appHello,
I want to create a app which will have something similar to licence
(i.e. user have to enter licence code to run the app). The problem
arises when I want to make it that user have to specify it only once.
So I need to store somewhere the information, that the app has already
been activated. I am thinking about main jar file (as something which
can work ,although it is nothing sophisticated), but when I add extra
characters at the end then my jar was corrupted :(. Do you know any
nice way to do this:)? Thank you!
Regards, mark
- 11
- Casting Object[]Hi :o)
I've created a useful routine that "appends" an Object on to the end of an
array of Object, creating a new array with slack space if there is not
enough space available (sort of like a light-weight Vector):
public static final Object[] append(Object[] buf, int buf_len, Object addxn,
int slack)
{
Object[] ptr = buf;
if (buf == null || (buf_len + 1) > buf.length)
{
ptr = new Object[buf_len + 1 + slack];
if (buf != null) System.arraycopy(buf, 0, ptr, 0, buf_len);
}
ptr[buf_len] = addxn;
return ptr;
}
Anyway, this works fine, no probs, etc.
I am having problems, however, casting Object[] onto String[] or any other
such cast. Even if, obviously, all the elements of the array are String.
Now, I can state straight off where the problem lies. If I choose a large
enough String[] buffer so that the appended String fits inside it, then the
returned array can be cast back onto String[] - however, if the buffer is
exceeded, and line 6 is executed (creating a new buffer) then it can no
longer be cast back onto String[].
Does that make sense?
Anyway, the question! Is there any way of creating an Object[] array
generically which is of the same type as the original array. In other words,
it would create a new String[] array or Color[] or Rectangle[] or whatever
as appropriate?
Is there a way of doing it by reflection??? (perhaps)
Cheers :o)
And if you don't understand what I going on about, just shout! (hehe) and
I'll try and explain better!
Will
- 12
- Getting ready for 1.5I'd like to prepare for JDK 1.5. I know that generics/templates
will be in there. Will standard Java classes be retofitted to
use this new feature as appropriate? I'm thinking of course
about the collections, but also wondering about stuff such as
the clone interface.
I also know that enums will be in there. (Because the bug status
changed to closed/fixed.) But in what form? There were at least
two JSRs for that last time I checked.
Thanks!
-Wayne
- 13
- What is a type error?Marshall <email***@***.com> wrote:
> David Hopwood wrote:
> > Marshall wrote:
> > > Mightn't it also be possible to
> > > leave it up to the programmer whether a given contract
> > > was compile-time or runtime?
> >
> > That would be possible, but IMHO a better option would be for an IDE to give
> > an indication (by highlighting, for example), which contracts are dynamically
> > checked and which are static.
> >
> > This property is, after all, not something that the program should depend on.
> > It is determined by how good the static checker currently is, and we want to be
> > able to improve checkers (and perhaps even allow them to regress slightly in
> > order to simplify them) without changing programs.
>
> Hmmm. I have heard that argument before and I'm conflicted.
>
> I can think of more reasons than just runtime safety for which I'd
> want proofs. Termination for example, in highly critical code;
> not something for which a runtime check will suffice. On the
> other hand the points you raise are good ones, and affect
> the usability of the language.
There doesn't seem to be a point of disagreement here. Programmers
often need to require certain properties to be checked at compile-time.
Others could go either way. There is no property that a program would
rationally desire to *require* be checked at runtime; that would only
occur because the compiler doesn't know how to check it at compile time.
--
Chris Smith - Lead Software Developer / Technical Trainer
MindIQ Corporation
- 14
- Simple While Loop problemJohn wrote:
> ththx.
>
> the code is wrong. months will be determined by the loan amount not just an
> arbitary number
>
>
> cheers
>
>
Can you not top-post please, John? It makes threads very hard to follow...
alex
- 15
- Run Excel Macro from JavaI want to run the macro present inside the excel sheet using the Java
code. Is is possible using Java code? Please help
|
|
|
