Christopher Robinson

Greenhorn
+ Follow
since Apr 15, 2006
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Christopher Robinson

Ah. No reasonable way, then.
17 years ago
I have a CGI script on the server which will save some data to a database. However, I want to ensure that this data originates with the applet, and not just someone telnetting in and submitting a POST request. I also want to ensure that the applet itself (not the data; I do recognize the need for protecting this too, but that's a topic for another question) has not been tampered with (I.E. decompiled and edited).
17 years ago
Close enough, yes.
17 years ago
MITM attacks were something I hadn't even considered, and I don't think I will; I doubt anyone would go to that much trouble to tamper the data. No, I'm more concerned about someone simply sending data to the server-side script; I want to ensure that the data comes from this applet, and that the applet itself hasn't been tampered with in any way.
17 years ago

You want to make something like an md5sum of a compiled method?

Loosely, yes. The object in memory is what needs to be checked, though, not the object as it's stored on the hard disk.

You could read the class-File and check that, or decompile it first, and then check.

Unfortunately, the aim is to ensure that a certain server-side script is being accessed by a clean, untampered applet. Thus, if I don't have a check on the object in memory, all other checks could be rendered useless.

What if the method is calling another method - do you need to check that recursively?

No, just the once.

Edwin: I need to check the methods themselves, not just their signatures. I have that already, by checking the Class object.

I may be barking up completely the wrong tree here; there may be a very easy way to do this. I don't know.
17 years ago
Is there any way of obtaining a checksum of a method? I've serialized a class and written it to a string (using the checksum of that string as an indication of purity), but it seems that it only includes method signatures, not any indication of whether the content of the methods is clean. Any way of getting hold of any property that would change if the code inside a method changed, or of serializing a Method object, would do nicely.

Thanks in advance,
Chris (Who's the other "Chris Robinson" around here?)
17 years ago
Two choices. For the simple "press enter to continue," you can just read a byte from System.in:However, for more complicated stuff, I'm lead to believe there's a Java-based ncurses implementation. I don't know if this will include support for DOS terminals.
17 years ago