(keitai-l) Re: i-appli jar files hackable?

From: Konrad Hernblad <konrad_at_pobox.com>
Date: 03/18/01
Message-Id: <4.3.2-J.20010318133737.02d899f8@mail8.catv.ne.jp>
thank you ashish and kyle for your answers.

how would you go about detecting the presence of a gateway?

thanks.


At 11:52 01/03/18 +0900, you wrote:
>If your security model requires more robust i-mode detection, I suggest you
>also detect the presence of an i-mode gateway. This will exclude any
>emulator and all but the most sneaky of hacks.
>
>Kyle
>
>X-9 DESIGN LAB
>http://www.X-9.com
>
>-----Original Message-----
>From: keitai-l-bounce@appelsiini.net [mailto:keitai-l-bounce@appelsiini.
>net]On Behalf Of Ashish Agrawal
>
> >just wondering if it's possible for someone using a normal pc-based web
> >browser to access a site with an i-appli link and somehow download the
> >i-appli's jar file (by re-enterring the .jar file's url), retrieve the .jar
> >from the browser's cache directory, open the jar, reverse engineer
> >the .class files to expose the source code?
>
>yep, this is totally possible as with any other java code.
>
>
> >just wondering what security measures there are, besides doing an initial
> >USER_AGENT check and denying access to all non-i-appli clients?  is the
> >latter sufficient?
>
>User_agent check along with many other checks is not sufficient, since it
>could be very easily faked by a perl script or a java robot!
>
>
>
>[ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]
>


--------------
help the survivors of international disasters today: http://www.redcross.org/ 


[ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]
Received on Sun Mar 18 06:25:58 2001