No, but the code to decipher the supplied key could be exposed, and
with this information, it is easy enough to figure out how to
generate new keys (depending upon how the keys are validated)
also, with the code exposed, it is a simple matter to just bypass any
key checking altogether.
-jason
On May 16, 2006, at 2:02 PM, Mark O'Neill wrote:
On 16 May 2006, at 20:47, Jason Essington wrote:
Unless I am mistaken, that is exactly what this bug means!
Or at least that is what it means to at least one developer I've
talked with.
Are you saying that the developer had the key generator code
in his class instead of just checking the key against an MD5 hash
for example? If that's the case then that in itself is bad practice
as you should never - under any circumstance - have code in
your class / app that can generate key codes.
All the best,
Mark.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
