Is java that secure?
Question
java类文件是否可以被反编译并且需要第三方软件以任何方式进行混淆会损害安全性吗?
9 answers
solution1
12 2010-03-24 05:19:52
Only if you actually rely on security through obscurity, which is a bad idea regardless of the language or platform.
If the code can be run, it can be reverse-engineered.
solution2
6 2010-03-24 05:22:11
Java security is mostly about protecting your machine from malicious code.
Not about protecting code from reverse-engineering.
solution3
5 2010-03-24 05:21:35
“如果它运行,它可以被破解”(在游戏中反盗版措施的背景下)
solution4
4 ACCPTED 2010-03-24 05:22:32
Yes and no... yes, if you compile any sorts of passwords into your Java program that you distribute, then yes, it will not be secure, but then again, this would be a terrible thing to do in any programming language... for example, in C++, you can recover strings that have been compiled into the program using the strings utility.
If there is any super secret thing that you do, then you should generally not distribute the JAR that does that super secret thing (although "security by obscurity" is generally not secure). While there are certainly basic things that you need to know about security, and it is possible to shoot yourself in the foot with Java, the fact that Java can be decompiled really is not a major security disadvantage. I should also note that, in general, you are less likely to experience security woes in Java given that Java protects you from out-of-bounds memory accesses, buffer overflows, dangling pointers, and other pointer manipulation problems.
solution5
2 2010-03-24 05:21:03
My simple opinion is that nothing in computing is 100%
Therefore, is something is created, that something can also be broken.
solution6
2 2010-03-24 05:21:16
No, security is fine.
You're right, compiled Java code can be easily audited. However, building security schemes based on the assumption that no one will ever know how it works (no one will see the code) is a very bad practice.
solution7
1 2010-03-24 05:20:59
Yes class file can be decompiled for some extent. But you will not get the exact code after decompiling as so many constants, literal values etc.. will be directly substituted in the compiled class
solution8
1 2010-03-24 05:21:21
Decompiling is basically a method to rewrite the code based on the by code.Yes it is a security threat so it is best to avoid sensitive information in the Java class. As far as the logic is considered, given time any application's logic can be guessed without actually decompiling it.
Decompiling Java class is easy because java stores high level information to maintain portability.
solution9
0 2010-03-24 05:21:46
可以反映到一个类文件中并查看大量数据,而不是所有内容都可用或编译到类文件中,甚至更多只是编译器糖。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.