s********n
发帖数: 90 | 1
是不是java的Cryptography扩展库的source是不公开的。想看看内部实现的代码,在JDK1
我是初学者,有点看还是不懂你的答复.
既然是proprietary,是不是sun就肯定不开放provider的SPI接口source,但是不是开放AP
I的source了呢?
我的问题详细是
我下载的JDK1.4中,可以打开例如,JAVA.AWT的类代码,但对于jce.jar和sunjceprovider.j
ar里面的类例如javax.crypto.cipher和就找不到对应的代码.
推广开来,是不是带com.sun.*的包就不带代码呢? | m******t
发帖数: 2416 | 2
AP
我下载的JDK1.4中,可以打开例如,JAVA.AWT的类代码,但对于jce.jar和sunjceprovider.j
I think that's correct. Also as far as encryption related stuff is
concerned, I can imagine there would also be the export control issue
that prevents Sun from distributing the source code.
【在 s********n 的大作中提到】
:
: 是不是java的Cryptography扩展库的source是不公开的。想看看内部实现的代码,在JDK1
: 我是初学者,有点看还是不懂你的答复.
: 既然是proprietary,是不是sun就肯定不开放provider的SPI接口source,但是不是开放AP
: I的source了呢?
: 我的问题详细是
: 我下载的JDK1.4中,可以打开例如,JAVA.AWT的类代码,但对于jce.jar和sunjceprovider.j
: ar里面的类例如javax.crypto.cipher和就找不到对应的代码.
: 推广开来,是不是带com.sun.*的包就不带代码呢?
| s********n
发帖数: 90 | 3 How can you trust sun's code for cipher if you cannot see what is going on
inside and if any trick in its library.
I do not know if anyone can use its library for sensitive communications
without knowdge of source. How people or companys deal with this case?
Any clues, Thanks | m******t
发帖数: 2416 | 4
Well how can you trust anything if you have to see
its source code first? 8-) Let's say you manage to find
the source code for Sun's package, how do you know the JVM
isn't doing anything funny?
【在 s********n 的大作中提到】
: How can you trust sun's code for cipher if you cannot see what is going on
: inside and if any trick in its library.
: I do not know if anyone can use its library for sensitive communications
: without knowdge of source. How people or companys deal with this case?
: Any clues, Thanks
| s********n
发帖数: 90 | 5
You are right, it is hard for trust. But it also hard to ignore trust for
critical apps. Maybe that is why some opensource alternatives are initiated.
Anyway, it is so nice talking this with you.
【在 m******t 的大作中提到】
:
: Well how can you trust anything if you have to see
: its source code first? 8-) Let's say you manage to find
: the source code for Sun's package, how do you know the JVM
: isn't doing anything funny?
|
|
