Class based impersonation

 
Tay Thotheolh
Ranch Hand
Posts: 84
Hi. I have a theoretical problem here. Is it possible for a class to impersonate its identity? E.g. Class A attempts to access Class B methods. Class B methods use a getClass().getName() method to attempt to check Class A to ensure it is who it is. Can impersonation take place? E.g. Class C impersonates Class A to get past the getClass().getName() Class B uses for checks?

If Class B wants to implement getClass().getName() for checks effective on the sample method below, how do I implement it properly in the sample code below?



The above example is a simulation of a plugin applet in the system trying to access an internal key server database in the system.
 
Steven van der Baan
Owasp member
Greenhorn
Posts: 1
To answer your first question:
It is possible to do impersonation. This is a 'flaw' from the classloader. If I create another Class A which has the same FQN as the one that you are referring to, and I load mine before all your classes (A and B), your A class will not be loaded due to the fact that the classloader already has a class named 'Class A'. If your Class B then checks the FQN, it can't determine if it is the Class A it requires like in your example, or the one that I loaded first, and in your example I would get access to the private key.

A possible method to avoid it is to not just rely on the name, but also use a method inside the Class A which returns a specific value you expect. This will prevent me from extending your Class A and using the same name.
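
An added example, not code from either poster: it shows why a getClass().getName() comparison cannot establish identity, because the JVM identifies a class by its name plus its defining class loader. The names NameCheckDemo, PluginA and SecondLoader are hypothetical; the name check accepts both objects, while comparing the Class object itself accepts only the genuine one.

```java
import java.io.IOException;
import java.io.InputStream;

public class NameCheckDemo {
    /** Stand-in for the asker's "Class A" (hypothetical name). */
    public static class PluginA { }

    /** Loader that defines its own copy of PluginA instead of delegating to its parent. */
    static class SecondLoader extends ClassLoader {
        SecondLoader() { super(NameCheckDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(PluginA.class.getName())) {
                return super.loadClass(name, resolve);   // everything else: normal delegation
            }
            Class<?> loaded = findLoadedClass(name);      // avoid defining the class twice
            if (loaded != null) return loaded;
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes();
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    /** The check from the question: compares only the fully qualified name. */
    static boolean nameCheck(Object caller) {
        return caller.getClass().getName().equals(PluginA.class.getName());
    }

    /** Compares the Class object itself, i.e. name plus defining class loader. */
    static boolean identityCheck(Object caller) {
        return caller.getClass() == PluginA.class;
    }

    public static void main(String[] args) throws Exception {
        Object genuine = new PluginA();
        Object sameName = new SecondLoader().loadClass(PluginA.class.getName())
                .getDeclaredConstructor().newInstance();

        System.out.println("genuine : name=" + nameCheck(genuine) + " identity=" + identityCheck(genuine));
        System.out.println("sameName: name=" + nameCheck(sameName) + " identity=" + identityCheck(sameName));
    }
}
```

Compile with javac (Java 9 or later, for readAllBytes) and run from the directory holding the class files, since the second loader reads PluginA's bytes from the classpath.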
 