Change Java Class At Runtime [on hold]

0 投票
最新提问 用户: (200 分)

I've recently read something about rules for developing more secure Java code. There are guidelines about securing Java code. Something like using final, limiting access to anything and etc.

My question is, how can someone access to my code in run-time, after compiling and deploy it on server and change my methods (or Classes)?

And if it is possible, how can it be done?

发表于 用户: (220 分)
Read about classloaders and bytecode manipulation.
发表于 用户: (300 分)
Reflection can also circumvent certain restrictions, even if bytecode of the target class is not tampered with. In general, untrusted code (including bytecode) should not run in the same process as trusted sensitive code.
发表于 用户: (200 分)
@rkosegi I meant how can he get my source code when it's deployed and then change a class or two, or add another class to it?
发表于 用户: (220 分)
@Hamid : what source code? to manipulate your class no source is needed. Did you read about bytecode manipulation?

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。