N*D
发帖数: 3641 | 1 JAVA code的Security是如何保证的?比如是加密解密的代码,如何能使reverse engin
eer更难获取源码?Encryption据说不work;Obfuscator效果也不佳,it就是把名字变了
变而已。请教各位大侠,有更好的方法吗? |
o***g
发帖数: 2784 | 2 即便你编译成机器码,不还是0day就有破解么?
java程序一般是服务器端的。服务器安全,就是script也不怕。
engin
变了
【在 N*D 的大作中提到】
: JAVA code的Security是如何保证的?比如是加密解密的代码,如何能使reverse engin
: eer更难获取源码?Encryption据说不work;Obfuscator效果也不佳,it就是把名字变了
: 变而已。请教各位大侠,有更好的方法吗?
|
m******t
发帖数: 2416 | 3
engin
变了
Are you worried about your java code being reverse engineered and stolen, or
are you worried about your encryption algorithm being decompiled and
cracked?
【在 N*D 的大作中提到】
: JAVA code的Security是如何保证的?比如是加密解密的代码,如何能使reverse engin
: eer更难获取源码?Encryption据说不work;Obfuscator效果也不佳,it就是把名字变了
: 变而已。请教各位大侠,有更好的方法吗?
|
g*****g
发帖数: 34805 | 4 It's the encryption key, which is a secret long random number, makes
encryption secure. Bouncy castle is even open source, we are using it
in production. And we are a company on email security. You can wiki
PKI to understand more.
engin
变了
【在 N*D 的大作中提到】
: JAVA code的Security是如何保证的?比如是加密解密的代码,如何能使reverse engin
: eer更难获取源码?Encryption据说不work;Obfuscator效果也不佳,it就是把名字变了
: 变而已。请教各位大侠,有更好的方法吗?
|
N*D
发帖数: 3641 | 5 是的。但公司每个人都有访问权限,而key都是明码的,这样好像还是不太好啊。呵呵。
【在 o***g 的大作中提到】
: 即便你编译成机器码,不还是0day就有破解么?
: java程序一般是服务器端的。服务器安全,就是script也不怕。
:
: engin
: 变了
|
N*D
发帖数: 3641 | 6 I don't want to expose the encryption algorithm and the key to people who
want to use it. Is there any way to do this? Thanks.
engin
变了
Are you worried about your java code being reverse engineered and stolen, or
are you worried about your encryption algorithm being decompiled and
cracked?
【在 m******t 的大作中提到】
:
: engin
: 变了
: Are you worried about your java code being reverse engineered and stolen, or
: are you worried about your encryption algorithm being decompiled and
: cracked?
|
m******t
发帖数: 2416 | 7
Security through obscurity never works. You can't stop people from reverse-
engineering your algorithm. All you can do is thinking of a better way to
to protect the key - for a starter, don't keep it in your build script. 8-)
【在 N*D 的大作中提到】
: I don't want to expose the encryption algorithm and the key to people who
: want to use it. Is there any way to do this? Thanks.
:
: engin
: 变了
: Are you worried about your java code being reverse engineered and stolen, or
: are you worried about your encryption algorithm being decompiled and
: cracked?
|
g*****g
发帖数: 34805 | 8 The best way is to use an asynmmetric encryption like PKI and keep your
private key safe.
【在 m******t 的大作中提到】
:
: Security through obscurity never works. You can't stop people from reverse-
: engineering your algorithm. All you can do is thinking of a better way to
: to protect the key - for a starter, don't keep it in your build script. 8-)
|
