简体繁体 English

java安全吗？

[英]Is java that secure?

原文 2010-03-24 05:14:37 0 9 java

java类文件是否可以被反编译并且需要第三方软件以任何方式进行混淆会损害安全性吗？

9 个解决方案

Only if you actually rely on security through obscurity, which is a bad idea regardless of the language or platform. 只有当你真的通过默默无闻地依赖安全性时，无论语言或平台如何，这都是一个坏主意。

If the code can be run, it can be reverse-engineered. 如果代码可以运行，则可以进行逆向工程。

Java security is mostly about protecting your machine from malicious code. Java安全主要是保护您的计算机免受恶意代码的侵害。

Not about protecting code from reverse-engineering. 不是保护代码免受逆向工程。

“如果它运行，它可以被破解”（在游戏中反盗版措施的背景下）

Yes and no... yes, if you compile any sorts of passwords into your Java program that you distribute, then yes, it will not be secure, but then again, this would be a terrible thing to do in any programming language... for example, in C++, you can recover strings that have been compiled into the program using the strings utility. 是和否...是的，如果您将任何类型的密码编译到您分发的Java程序中，那么是的，它将不安全，但是再一次，这在任何编程语言中都是一件可怕的事情。例如，在C ++中，您可以使用strings实用程序恢复已编译到程序中的字符串。

If there is any super secret thing that you do, then you should generally not distribute the JAR that does that super secret thing (although "security by obscurity" is generally not secure). 如果您有任何超级秘密的事情，那么您通常不应该分发执行超级秘密事务的JAR（尽管“默默无闻的安全”通常不安全）。 While there are certainly basic things that you need to know about security, and it is possible to shoot yourself in the foot with Java, the fact that Java can be decompiled really is not a major security disadvantage. 虽然你肯定需要了解一些关于安全性的基本知识，并且可以用Java来解决问题，但Java可以被反编译的事实并不是一个主要的安全劣势。 I should also note that, in general, you are less likely to experience security woes in Java given that Java protects you from out-of-bounds memory accesses, buffer overflows, dangling pointers, and other pointer manipulation problems. 我还应该注意到，一般来说，你不太可能遇到Java中的安全问题，因为Java可以保护你免受越界内存访问，缓冲区溢出，悬空指针和其他指针操作问题的困扰。

My simple opinion is that nothing in computing is 100% 我的简单看法是计算中没有任何东西是100％

Therefore, is something is created, that something can also be broken. 因此，创造了一些东西，也可以打破某些东西。

No, security is fine. 不，安全很好。

You're right, compiled Java code can be easily audited. 你是对的，编译后的Java代码可以很容易地进行审计。 However, building security schemes based on the assumption that no one will ever know how it works (no one will see the code) is a very bad practice. 但是，建立安全方案的前提是没有人会知道它是如何工作的（没有人会看到代码）是一种非常糟糕的做法。

Yes class file can be decompiled for some extent. 是的类文件可以在某种程度上反编译。 But you will not get the exact code after decompiling as so many constants, literal values etc.. will be directly substituted in the compiled class 但是在反编译之后你将无法得到确切的代码，因为这么多的常量，文字值等......将在编译的类中直接替换

Decompiling is basically a method to rewrite the code based on the by code.Yes it is a security threat so it is best to avoid sensitive information in the Java class. 反编译基本上是一种基于代码重写代码的方法。它是一种安全威胁，因此最好避免Java类中的敏感信息。 As far as the logic is considered, given time any application's logic can be guessed without actually decompiling it. 考虑到逻辑，给定时间可以猜测任何应用程序的逻辑而不实际反编译它。

Decompiling Java class is easy because java stores high level information to maintain portability. 反编译Java类很容易，因为java存储高级信息以保持可移植性。

可以反映到一个类文件中并查看大量数据，而不是所有内容都可用或编译到类文件中，甚至更多只是编译器糖。