使一行代码难以阅读
我正在编写一种方法来检查客户序列号是否与我的硬编码号匹配。有没有一种方法可以使代码尽可能难以阅读,以防不受欢迎的人获得代码?
我在java工作。
例如(伪代码)
如果 (x != y) 跳出代码并返回错误
干杯,如果这有点奇怪,请道歉
Im writing a way of checking if a customers serial number matches my hard coded number. Is there a way of making this as hard to read as possible in case an undesirable gets their hands on the code?
I am working in java.
For instance (pseudo code)
if (x != y) jump out of code and return error
Cheers , apologies if this is a bit of an odd one
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
通过默默无闻来确保安全始终是一个坏主意。你不需要避免它,但你不应该仅仅信任它。
使用您在服务启动时输入的密钥加密您的序列号,或者仅将序列号指定为十六进制或 base64,而不是 ASCII。
Security through obscurity is always a bad idea. You don't need to avoid it, but you should not trust solely on it.
Either encrypt your serials with a key you type in at startup of the service, or just specify the serials as hex or base64, not ASCII.
执行此操作的正常方法是使用哈希。
根据定义,从哈希中几乎不可能推断出原始代码。
The normal way to do this would be to use a hash.
By definition, a from the hash it's almost impossible to deduce the original code.
为了避免被黑客攻击而让代码看起来很复杂是没有任何帮助的!
Making the code look complex to avoid being hacked never helps!
您可以尝试 SHA1 或其他一些单向加密(MD5 不太安全,但相当不错)。不要这样做:
这样做:
因此代码读取器只能看到加密的(并且非常非常难以解密)值。
You can try SHA1 or some other one-way encrypting (MD5 not so secure but it's pretty good). Don't do this:
Do this:
So the code-reader only can see an encrypted (and very very very difficult to decrypt) value.
纠结发布代码的控制结构?
例如,在不同变量下的代码中的随机点输入数字,并在某个随机点使它们等于 x 和 y?
http://en.wikipedia.org/wiki/Spaghetti_code
Tangle the control structure of the released code?
e.g feed the numbers in at a random point in the code under a different variable and at some random point make them equal x and y?
http://en.wikipedia.org/wiki/Spaghetti_code
有一篇关于代码混淆的维基百科文章。也许那里的技巧可以帮助你 =)
There is a wikipedia article on code obfuscation. Maybe the tricks there can help you =)
您可以实现其他不会暴露硬编码序列号的方法,而不是尝试使代码变得复杂。
尝试将硬编码数字作为加密字节数组存储在某个永久位置。这样它就不可读了。为了进行比较,使用相同的算法对客户端序列号进行加密并进行比较。
Instead of trying to make the code complex, you can implement other methods which will not expose your hard-coded serial number.
Try storing the hard coded number at some permanent location as encrypted byte array. That way its not readable. For comparison encrypt the client serial code with same algorithm and compare.