I wasn't sure so I did a quick test, and it looks like it would be pretty easy to find the String if it was hard coded into the applet:
Here is some of the bytecode generated:
()V <init> Code LineNumberTable Ljava/lang/String; SourceFile TestApplet TestApplet.java This is a hidden String destroy hidden init java/applet/Applet start stop 1
So you wouldn't need to disassemble it, just look at it in a text editor. Although you would have to know what you were looking for, I guess. Hope this helps.
dave
Though you could make a decryptor function in your program, and make another program to encrypt all the strings you wanted and then go hand code all the encrypted versions of the strings you want into your program... Though it's a little bit of overkill... this way it would be a lot harder for someone using your applet to break down the decryptor function in the class file to decrypt the string themselves.
HTH,
-Nate
Write once, run anywhere, because there's nowhere to hide! - /. A.C.
posted 19 years ago
Hi All,
Thanks for your replies. In addition to the above, I've also found a site for someone who calls himself Java Jeff. He sells a piece of code that will disassemble a class file. I'm sure there are others. So... even if I encrypt the strings, as Nate suggested, an attacker could easily disassemble the class file and discover the decryption algorithm, and thereby the secrets. I guess the bottom line is that sensitive data should never be hard coded into a class file.
Regards,
Vernon