[ale] running OPA (other people's apps) on my network
Michael B. Trausch
mbt at zest.trausch.us
Thu Jun 25 16:51:28 EDT 2009
On Thu, 25 Jun 2009, Jim Kinney wrote:
> Ask your company legals if _your_ company will be held liable if
> _their_ app opens a security hole and "bad things happen".
In my experience, most companies (especially small businesses) will say "eh,
whatever," and let whatever happens, happen. The perceived risk is too low to
require any sort of action.
> Get a java decompiler, use it and send the decompile back to them and
> tell them you will compile "that" code and run it. (OK. I'm being
> bull-headed here).
Absolutely on this. I would run it through one and read the sources myself.
It's not going to be as informative as reading the source code that was used
to *build* the software, but it will still give you an idea of what the
software is doing. This is one of the major strengths of "managed code": it
can be much more easily reversed than native code because more metadata is
preserved in the process of compilation for managed code systems like the JVM
or the CLI than in native code systems.
--- Mike