Vulnerability Development mailing list archives
Re: JAVA more insecure than true compiled code?
From: Hack Hawk <hugh () hackhawk net>
Date: Sat, 06 Apr 2002 10:49:37 -0800
At 05:17 AM 04/05/2002, steven.sporen () za pwcglobal com wrote:
Hi, I was wondering what people's thoughts are regarding the security of code written in JAVA, I recently reverse engineered a product with a freely available JAVA decoder and found that it produced code with variable names imports etc, making it very easy to find out how it hung together. Could this be construed as a security flaw with JAVA?
I wouldn't call it a flaw, but its definitively a deterrent to using JAVA in certain situations.
Your comments are the *exact* reason why I use c/c++ instead of JAVA for certain applications. Of course I understand that binary executables compiled from c/c++ can be disassembled and reverse engineered too. But it is orders of magnitude more difficult to do, and there's far less people capable of doing such a thing.
James Washer said... >> security-through-obscurityThe choice to use c/c++ instead of JAVA is in deed an choice to ADD obscurity on top of real security. Obscurity can be a good thing so long as it's not the ONLY thing your security relies on.
- hawk
Current thread:
- JAVA more insecure than true compiled code? steven.sporen (Apr 05)
- RE: JAVA more insecure than true compiled code? The Picard (Apr 07)
- Re: JAVA more insecure than true compiled code? -l0rt- (Apr 08)
- <Possible follow-ups>
- Re: JAVA more insecure than true compiled code? James Washer (Apr 05)
- Re: JAVA more insecure than true compiled code? Charles Bell at home (Apr 06)
- Re: JAVA more insecure than true compiled code? Hack Hawk (Apr 07)
- Re: JAVA more insecure than true compiled code? dirk . dussart (Apr 08)