(keitai-l) Re: Hacking Java sites

From: Bill Volk <bvolk_at_teknikcorp.com>
Date: 09/02/03
Message-ID: <000401c37174$5700c880$9865fea9@bvolk> 
Jason's comments below do a better job of explaining what I was getting
at.

We have some titles in development (for the U.S. J2ME MIDP 1.0 phones)
and they rely heavily on server side processing.

1. An IM/Chat client.  The server actually connects to the various IM
services, since these phones only offer HTTP connections.  This also
reduces the size of the client because we only need to implement one
client/server protocol for the phone ... our own.

2. Multiplayer games.  Game play is resolved on the server, client is
mainly a graphics terminal.

Bill Volk
Teknik

(P.S. Looking for contacts in Japan for marketing these titles).


-----Original Message-----
From: keitai-l-bounce@appelsiini.net
[mailto:keitai-l-bounce@appelsiini.net] On Behalf Of Jason Pollard
Sent: Monday, September 01, 2003 12:35 PM
To: keitai-l@appelsiini.net
Subject: (keitai-l) Re: Hacking Java sites


Extending #2 below, what many people don't realize (potential clients
please
note :^), is that an iAppli that can do anything interesting is more
than a
client-side java program.  iApplis nowadays are so small that there's
usually
no room for anything other than GUI code.  Even then there may not be
enough
resources on the client, and the client app would consult the server to
generate, for example, a stock chart.  A typical _system_ would include
server
side code, which is generally designed exlusively for the mini-client. 
Although better architected solutions will work with other clients such
as
fat-client GUI, SOAP, Web clients, etc.  The system is as secure as the
platform it's built on and the dudes who administer it.  So, while
someone may
be able to download and decompile the client-side java code, they may
only be
getting a small part of the information they need to copy your service.
You
would need to worry about someone decompiling the code to learn the
server-side
API and then creating a copycat program of your original client.  At
this
moment I can't think of anything you could do to prevent that.

#1 below, obfuscators are really only useful for reducing code size. 
Obfuscated code is just an annoying speed bump for someone who really
wants to
copy your code.

--jason




--- Bill Volk <bvolk@teknikcorp.com> wrote:
> 
> I think there are two main steps you can take to prevent this.
> 
> 1. Use code obsufcators and compressors to make the code harder to
> de-compile.
> 
> 2. Have the software access assets from a server via. HTTP and use
some
> sort of authentication scheme to verify that the software is a
> legitimate purchase.
> 
> Bill Volk
> Teknik


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

This mail was sent to address bvolk@teknikcorp.com
Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
Received on Tue Sep 2 20:03:16 2003