Hack Proofing Your Web Applications

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form.
| Q. | Why would I want to create my own class loader? | |
| A. | Classes that your program uses are loaded automatically from the class path directory. Through object serialization it is possible to receive objects from another source. But what if the object needs to use or create another class that does not exist in your class path? In this case, if your program tries to use the class it will not find it in the class path. The class will need to be loaded into the JVM using a class loader of your own. | |
| Q. | Does the byte-code verifier check if the code has been altered? | |
| A. | No it doesn t. The byte-code verifier just checks your code for everything the compiler checks. For example, is the code trying to access a private variable? Are all the variables initialized? If someone alters the byte-code but it still conforms to the compiler checks, then the code be executed by the JVM. In order to make sure that it hasn t been changed, either a message digest or a digital signature must be used. | |
| Q. |