Right Karl. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Magdsick Sent: Tuesday, August 15, 2006 8:32 PM To: theory and practice of decentralized computer networks Subject: Re: [p2p-hackers] Security Issues
For clarity of discussion, please be more explicit about your threat model. I don't think the original poster was soliciting advice about implementing DRM or some other sort of scenario where the attacker is assumed to be able to execute arbitrary code in the address space of the application in question. Presumably, the poster was asking about preventing remote buffer overflows, remote heap overflows, remote format string vulnerabilities, remote memory leak DoS vulnerabilities, security logic errors, &c. On 8/15/06, Lemon Obrien <[EMAIL PROTECTED]> wrote: > > yeah...but with java you can easily do it...find the encryption class > you need...or get access to the data before encryption...just by > creating an extension of a known class and over-riding it's virtual > method....its not hard. I've done this plenty of times with > professional products like 'weblogic' commerce server...i wanted > funtionality from a class they provided. Of course when you do this; > you busting the warrenty...but who cares. > _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
