At 05:17 AM 04/05/2002, steven.sporenza.pwcglobal.com wrote:
>Hi,
>
>I was wondering what people's thoughts are regarding the security of code
>written in JAVA, I recently reverse engineered a product with a freely
>available JAVA decoder and found that it produced code with variable names
>imports etc, making it very easy to find out how it hung together. Could
>this be construed as a security flaw with JAVA?

I wouldn't call it a flaw, but its definitively a deterrent to using JAVA
in certain situations.

Your comments are the *exact* reason why I use c/c++ instead of JAVA for
certain applications. Of course I understand that binary executables
compiled from c/c++ can be disassembled and reverse engineered too. But it
is orders of magnitude more difficult to do, and there's far less people
capable of doing such a thing.

James Washer said...
>> security-through-obscurity

The choice to use c/c++ instead of JAVA is in deed an choice to ADD
obscurity on top of real security. Obscurity can be a good thing so long
as it's not the ONLY thing your security relies on.

- hawk

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]