aspose file tools*
The moose likes Security and the fly likes manipulating the object pool Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "manipulating the object pool" Watch "manipulating the object pool" New topic
Author

manipulating the object pool

Adedeji Adedoyin
Greenhorn

Joined: Aug 12, 2011
Posts: 9
Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

Adedeji Adedoyin wrote:Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?


This is a great question but you will have to spell out what you mean with a more specific example. What exactly do you mean by object pool (there are many implementations of "Object Pool") and what hacker? I mean, is he trying injection from a remote connection to your network or web application or does he have access to your system or have you sent him a program to his system?
Adedeji Adedoyin
Greenhorn

Joined: Aug 12, 2011
Posts: 9
For example....if we have the following key generation code

KeyGenerator key=
KeyGenerator.getInstance("DES");

KeyGen.init(56);
Key key =KeyGen.generateKey();


The main issue is not the heavy details of cryptography...but the question is if the randomly generated key object in the heap cannot be manipulated by a hacker(someone with a bad intention operating on the computer that executes the program )...for example,is it possible for him or her to access the key object in the heap therefore accessing the main key?.
 
Don't get me started about those stupid light bulbs.
 
subject: manipulating the object pool