I am currently using javassist to manipulate byte code at runtime for my appserver. I am not creating methods or changing prototype nor creating additional member variables. Are there any security policies or any other ways to block runtime byte code manipulations.
Asked
Active
Viewed 379 times
1 Answers
0
The user obviously has final control over which code they run on their machine. If you don't want people to run an altered version of your code on your server, don't give them access to your server.
Antimony
- 37,781
- 10
- 100
- 107
-
Yeah that is obvious. But I want to know are there any ways to control byte code manipulations through enabling security manager or some parameters to JVM. – Sainath Sarma Jul 03 '15 at 05:39
-
@SainathSarma What is your attack model? It's hard to tell what you're trying to do. – Antimony Jul 03 '15 at 06:04
-
I am working on a project for app servers like Tomcat, where end users can add loggers on the fly to debug their issues. So I just want to check are there any ways to disable Instrumentation which is a counteract to this project. – Sainath Sarma Jul 03 '15 at 07:08
-
1What's the problem with users debugging their own server? – Antimony Jul 03 '15 at 14:19