How to protect yourself from injections in the JVM?
I administer projects for the famous cubic sandbox. Recently, craftsmen have appeared who install cheats on the client by changing the rt.jar library (dropmefiles.com/LbvNV is the modified jar file; the sun.misc.URLClassPath class has been changed, it loads the C:\a.jar file). How can I deal with this other than carrying my own version of the JVM around, and if there is no other way out, how can I make it the least painful? Thanks in advance for any help.
If the option of pushing the logic to the server does not work, you can implicitly validate rt.jar. For example, take the result of executing some methods, which should be zero in the non-cracked version, and add this to the calculations in some other part of the program. If the "craftsmen" miss one of these checks (there should be more than one of them), then the program with the substituted rt.jar will work, as it were, but crash from time to time.
There are other defenses as well. There are many articles on the topic, google it.
The obvious answer: check the admissibility of the client's action on the server.
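A sketch of the implicit check suggested in the answer about validating rt.jar, as an added example that is not code from the original posts. It assumes a Java 8 client (where rt.jar and sun.misc.URLClassPath exist); `RuntimeIntegrity`, `EXPECTED` and `blockIndex` are hypothetical names, and the expected digest is a placeholder to be replaced with the value for the JRE build you support.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class RuntimeIntegrity {
    // Placeholder, not a real digest: SHA-256 of sun/misc/URLClassPath.class
    // taken from the exact JRE build the client is expected to run.
    static final byte[] EXPECTED = new byte[32];

    /** SHA-256 of a class file as the running JVM resolves it (rt.jar on Java 8). */
    static byte[] digestOfClass(String resource)
            throws IOException, NoSuchAlgorithmException {
        try (InputStream in = ClassLoader.getSystemResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("not found: " + resource);
            }
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                md.update(buf, 0, n);
            }
            return md.digest();
        }
    }

    /** 0 when the digests are identical, non-zero otherwise. */
    static int skew(byte[] actual, byte[] expected) {
        int acc = actual.length ^ expected.length;
        int len = Math.min(actual.length, expected.length);
        for (int i = 0; i < len; i++) {
            acc |= (actual[i] ^ expected[i]) & 0xff;
        }
        return acc;
    }

    // Hypothetical game calculation. The skew is folded in instead of being
    // tested with an if, so there is no single branch to patch out: with an
    // untampered class it adds 0, otherwise the result is silently wrong.
    static int blockIndex(int x, int z, int skew) {
        return (x + skew) * 16 + z;
    }

    public static void main(String[] args) throws Exception {
        int s = skew(digestOfClass("sun/misc/URLClassPath.class"), EXPECTED);
        System.out.println("skew=" + s + " blockIndex(3,5)=" + blockIndex(3, 5, s));
    }
}
```

A modified rt.jar can also change the classes this check itself relies on, so it raises the cost of tampering rather than preventing it; validating actions on the server stays the authoritative control.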