Menu
▾
▴
jython-users
|
From: Daniel L. <da...@br...> - 2001-04-11 22:05:01
|
Maybe I am missing somethign here and I certainly don't know the details of
what you are doing nor what your are trying to accomplish, but I thiink
circumventing the security model for Jython/Java is an ugly, uncreative, and
dangerous way to do anything. You should rethink the security mechanism
implementation to somehow include the key in the pre-jar code and then jar
it up so the check sum is correct. Or use another type of file in the
CLASSPATH since the JVM doesn't need to read it and it's just a key why are
you jaring it at all?
Otherwise anyone using your code is opening up a security hole a truck could
drive through. This sounds like something M$ would do ;-) (that's a joke
don't get offended)
----- Original Message -----
> Message: 4
> Date: Tue, 10 Apr 2001 11:12:47 -0400
> From: D-Man <ds...@ri...>
> To: jyt...@li...
> Subject: [Jython-users] "bad" jars
>
>
> I want to use jython to interactively test some Java work I did.
> Unfortunately for this situation, jython caches all jar information
> and skips any jar that is corrupt. My Java work consists of storing
> some information (license key) in a jar in the CLASSPATH. Of course,
> doing this (in the only way I could come up with) causes that
> particular file to be "corrupt" because it no longer matches the CRC
> checksum or the compression algorithm. This is acceptable because
> this file is never loaded by the JVM, but read directly by my code.
>
> When I want to test it with Jython, jython doesn't load the jar
> because it is "bad". As a result I don't get any of the classes that
> are defined in the jar.
>
> Is there a way to turn off jython's processing and caching of the
> jar's information so I can use this modified (err, hacked <wink>) jar?
> If not, I can write some Java code to run through some tests.
>
> Thanks,
> -D
>
>
>
> --__--__--
>
> Message: 5
> From: Rafael Harispe <rha...@to...>
> To: jyt...@li...
> Date: Tue, 10 Apr 2001 14:34:11 -0300
> Subject: [Jython-users] select module not found in Jython
>
> Hello, i{m a beginner with Jython and I am trying whit a socket server
> program with miltithread.
> I found that secket.recv method block the thread, so I am trying to use de
> select.select method, jython interpreter say...
> ImportError: no module named select
>
>
> Thanks a lot, and nice to meet you!!!
>
> PD: sorry, my English is not good.
>
>
>
> --__--__--
>
> Message: 6
> Date: Tue, 10 Apr 2001 14:40:55 -0500
> To: Rafael Harispe <rha...@to...>,
> jyt...@li...
> From: brian zimmer <bz...@zi...>
> Subject: Re: [Jython-users] select module not found in Jython
>
> Rafael,
>
> select() is not supported in Java so in order to get the same
functionality you'll have to resort to a JNI implementation, such as the one
at:
>
> http://www.cs.berkeley.edu/~mdw/proj/java-nbio/
>
> Java uses a multi-threaded approach to handle multiple concurrent
transactions.
>
> brian
>
> At 02:34 PM 4/10/2001 -0300, Rafael Harispe wrote:
> >Hello, i{m a beginner with Jython and I am trying whit a socket server
> >program with miltithread.
> >I found that secket.recv method block the thread, so I am trying to use
de
> >select.select method, jython interpreter say...
> >ImportError: no module named select
> >
> >
> >Thanks a lot, and nice to meet you!!!
> >
> >PD: sorry, my English is not good.
> >
> >
> >_______________________________________________
> >Jython-users mailing list
> >Jyt...@li...
> >http://lists.sourceforge.net/lists/listinfo/jython-users
>
>
>
>
> --__--__--
>
> Message: 7
> Date: Wed, 11 Apr 2001 11:47:32 -0700
> From: Jim Adrig <ji...@tr...>
> Organization: Resource Management Systems
> To: Jyt...@li...
> Subject: [Jython-users] Re: Finding documentation (was [Jython-dev]
overlooked details)
>
> I'm moving this to 'users' so readers there can see it too...most of the
> 'dev' guys read 'users' too...
>
> Jayson Baird wrote:
> >
> > hehe I didn't know of execfile's existence.. there's no real
documentation
> > for jython available... yet :)
>
> I know it's hard to find it all sometimes, so here's some tips. There
> actually IS a lot available, just not a lot of 'easy-to-digest' samples,
> etc. The API refs are mostly there (at least at the 'top-level'),
> although they are sometimes brief.
>
> I dragged the following shortcuts to the documentation onto my desktop
> for quick access:
>
> C:/<installdir>/Jython/Doc/index.html
> C:/<installdir>/Jython/Doc/api/index.html
>
> For example, to find 'exec' and 'execfile': Library Reference, Index
> button, 'e'. Notice this exits to the original Python docs. (of course
> you could just shortcut these directly...)
>
> Using the second link (Jython API): click PythonInterpreter on the left,
> and there's 'exec' and 'execfile' (although with NO details: those are
> in the Python docs ;^)...)
>
> If you using JBuilder, be sure and set up your 'Documentation' tab in
> the 'Configure Libraries' screen ( mine is set to
> 'C:/<installdir>/Jython/Doc/api' ). That way you can just put the cursor
> over a class keyword (PythonInterpreter, PyOjbect, etc) OR any instance
> of the class ('interp', etc) and <ctl>-<enter> to the source, then click
> on the 'Doc' tab and POOF! You're there!...
>
> If you use JBuilder this instant access to Source and Docs can't be
> beat!
>
> --
> __o
> Jim Adrig _ \<,_
> ji...@tr... ' `/ ' `
> ___________ `-' `-'
>
>
>
> --__--__--
>
> _______________________________________________
> Jython-users mailing list
> Jyt...@li...
> http://lists.sourceforge.net/lists/listinfo/jython-users
>
>
> End of Jython-users Digest
>
|
|
From: D-Man <ds...@ri...> - 2001-04-11 23:12:44
|
On Wed, Apr 11, 2001 at 03:04:51PM -0700, Daniel Lord wrote: | Maybe I am missing somethign here and I certainly don't know the details of | what you are doing nor what your are trying to accomplish, but I thiink | circumventing the security model for Jython/Java is an ugly, uncreative, and | dangerous way to do anything. You should rethink the security mechanism | implementation to somehow include the key in the pre-jar code and then jar | it up so the check sum is correct. Or use another type of file in the | CLASSPATH since the JVM doesn't need to read it and it's just a key why are | you jaring it at all? The product consists of an SDK and a runtime. For "Trial" versions the user will enter a key provided by the sales team into the SDK. The SDK needs to save the key somehow. Normal jar creation doesn't work because (at least on windows) renaming the new temp jar to the proper name fails -- the VM is using the file already. My solution is to look through the CLASSPATH to find the proper jar (the path to it) and open it as a RandomAccessFile. Then I walk through the jar until I find the spot I want and read/write the key as binary data. The idea is to have the key stored in the (runtime) jar file so the potential customer can try out the runtime. I already tried putting it in a file in the user's home directory, but that didn't work -- some potential customers are using windows and each vm has it's own idea of what the "home" directory is ; some other users were on Unix and used one account in the lab for development and a different one for deployment. The VM doesn't need that particular file, but putting it anywhere but in the jar seems pretty messy. The security that this mechanism is supposed to provide is simply to prevent people from stealing the product without purchasing a license. Of course, any really determined person will step through the execution and hack around it. I hope this clears up what I was looking for. -D |
|
From: Nick C. <ni...@sr...> - 2001-04-12 13:59:25
|
Java provides an API for dealing with jar files in the java.util.jar package. Perhaps using this API would allow you to accompilsh what you are trying to do. They are only part java 1.2 though. Nick On Wed, Apr 11, 2001 at 07:11:42PM -0400, D-Man wrote: > On Wed, Apr 11, 2001 at 03:04:51PM -0700, Daniel Lord wrote: > | Maybe I am missing somethign here and I certainly don't know the details of > | what you are doing nor what your are trying to accomplish, but I thiink > | circumventing the security model for Jython/Java is an ugly, uncreative, and > | dangerous way to do anything. You should rethink the security mechanism > | implementation to somehow include the key in the pre-jar code and then jar > | it up so the check sum is correct. Or use another type of file in the > | CLASSPATH since the JVM doesn't need to read it and it's just a key why are > | you jaring it at all? > > The product consists of an SDK and a runtime. For "Trial" versions > the user will enter a key provided by the sales team into the SDK. > The SDK needs to save the key somehow. Normal jar creation doesn't > work because (at least on windows) renaming the new temp jar to the > proper name fails -- the VM is using the file already. My solution is > to look through the CLASSPATH to find the proper jar (the path to it) > and open it as a RandomAccessFile. Then I walk through the jar until > I find the spot I want and read/write the key as binary data. The > idea is to have the key stored in the (runtime) jar file so the > potential customer can try out the runtime. I already tried putting > it in a file in the user's home directory, but that didn't work -- > some potential customers are using windows and each vm has it's own > idea of what the "home" directory is ; some other users were on Unix > and used one account in the lab for development and a different one > for deployment. > > The VM doesn't need that particular file, but putting it anywhere but > in the jar seems pretty messy. > > The security that this mechanism is supposed to provide is simply to > prevent people from stealing the product without purchasing a license. > Of course, any really determined person will step through the > execution and hack around it. > > I hope this clears up what I was looking for. > > -D > > > > _______________________________________________ > Jython-users mailing list > Jyt...@li... > http://lists.sourceforge.net/lists/listinfo/jython-users -- Nick Collier Social Science Research Computing University of Chicago http://repast.sourceforge.net |
|
From: D-Man <ds...@ri...> - 2001-04-12 18:12:05
|
On Thu, Apr 12, 2001 at 09:01:00AM -0500, Nick Collier wrote: | Java provides an API for dealing with jar files in the java.util.jar | package. Perhaps using this API would allow you to accompilsh what you | are trying to do. They are only part java 1.2 though. I tried this API already. It basically allows you to create a new jar, then rename it to overwrite the old one. This doesn't work in my case because the jar file I want to overwrite is in use by the jvm. The rename fails, at least on windows. This is why I use a RandomAccessFile instead. -D |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X