This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes manipulating the object pool Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "manipulating the object pool" Watch "manipulating the object pool" New topic
Author

manipulating the object pool

Adedeji Adedoyin
Greenhorn

Joined: Aug 12, 2011
Posts: 9
Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

Adedeji Adedoyin wrote:Since I started security courses in java....I have been thinking of an issue....is it not possible for a hacker to get into the object pool,and then manipulate things there like getting the key object or other manipulations ?


This is a great question but you will have to spell out what you mean with a more specific example. What exactly do you mean by object pool (there are many implementations of "Object Pool") and what hacker? I mean, is he trying injection from a remote connection to your network or web application or does he have access to your system or have you sent him a program to his system?
Adedeji Adedoyin
Greenhorn

Joined: Aug 12, 2011
Posts: 9
For example....if we have the following key generation code

KeyGenerator key=
KeyGenerator.getInstance("DES");

KeyGen.init(56);
Key key =KeyGen.generateKey();


The main issue is not the heavy details of cryptography...but the question is if the randomly generated key object in the heap cannot be manipulated by a hacker(someone with a bad intention operating on the computer that executes the program )...for example,is it possible for him or her to access the key object in the heap therefore accessing the main key?.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: manipulating the object pool
 
Similar Threads
need help for a question
K&B book question page 267
difference between poll memory and non-poll memory?
question on GC
string function problem