• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

manipulating the object pool

 
Adedeji Adedoyin
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?
 
Tim McGuire
Ranch Hand
Posts: 820
IntelliJ IDE Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Adedeji Adedoyin wrote:Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?


This is a great question but you will have to spell out what you mean with a more specific example. What exactly do you mean by object pool (there are many implementations of "Object Pool") and what hacker? I mean, is he trying injection from a remote connection to your network or web application or does he have access to your system or have you sent him a program to his system?
 
Adedeji Adedoyin
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For example....if we have the following key generation code

KeyGenerator key=
KeyGenerator.getInstance("DES");

KeyGen.init(56);
Key key =KeyGen.generateKey();


The main issue is not the heavy details of cryptography...but the question is if the randomly generated key object in the heap cannot be manipulated by a hacker(someone with a bad intention operating on the computer that executes the program )...for example,is it possible for him or her to access the key object in the heap therefore accessing the main key?.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic