If your security model requires more robust i-mode detection, I suggest you
also detect the presence of an i-mode gateway. This will exclude any
emulator and all but the most sneaky of hacks.
Kyle
X-9 DESIGN LAB
http://www.X-9.com
-----Original Message-----
From: keitai-l-bounce@appelsiini.net [mailto:keitai-l-bounce@appelsiini.
net]On Behalf Of Ashish Agrawal
>just wondering if it's possible for someone using a normal pc-based web
>browser to access a site with an i-appli link and somehow download the
>i-appli's jar file (by re-enterring the .jar file's url), retrieve the .jar
>from the browser's cache directory, open the jar, reverse engineer
>the .class files to expose the source code?
yep, this is totally possible as with any other java code.
>just wondering what security measures there are, besides doing an initial
>USER_AGENT check and denying access to all non-i-appli clients? is the
>latter sufficient?
User_agent check along with many other checks is not sufficient, since it
could be very easily faked by a perl script or a java robot!
[ Did you check the archives? http://www.appelsiini.net/keitai-l/ ]
Received on Sun Mar 18 04:41:06 2001