Protecting Applet Class Files from Tempering by Users
posted 6 years ago
I am not quite familiar with Java's security model and just wondering is it possible for a server to protect the applet .class files from being tempered by the users, say by signing the applet and do not try to run it if it has been modified. I am talking about the server detecting the user tempering the byte codes (the .class files), not about the security manager the users use to protect their machine from untrusted code.
What I tried to do was to use the java.lang.instrument API and some byte code modification tools (Javassist) to instrument the constructors of the applet class files of a web site (some sort of applet game). I simply inserted a System.out.println("hello world") in every constructor of all the applet class files from the applet game. I was able to do the same thing on other web sites and the modified constructors was able to be executed - hello world printed in the java console whenever the applet class files were instantiated. But for that applet game web site, the modified constructors were not executed at all and there was no exception/error message shown in the java console. I know that game should be heavily protected from tempering by gamers (say changing the object representing the character's health/weapon). But I am not sure if this is something that can be intentionally done or just some programming errors I made myself.