[Dailydave] Java

[Dave Aitel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Eagle wrote:
> Dave Aitel wrote:
>> Here I am, spending all day writing code in a language that is
>> statically typed. It's like eating all your food with a good
>> helping of sand. How does one convert a byte[] buf; into a String
>> so you can send it down the wire using a DataOutputStream class?
>> Oooh, let's chain a bunch of converters together. Blimey!
>>
>
> What is your goal on the remote side?  Does it need to unmarshall
> as a Java String? Or are you just trying to get the bytes on the
> wire?
>
> former: dos.writeUTF(new String(buf)); later:  dos.write(buf);
>
> How many/what type of converters do you feel compelled to use?
>
> Chris

Essentially, for all the web languages, I need a simple platform
independent callback backdoor. We have a reasonably good one for PHP,
which is great for PHP injection attacks, but we don't have one for
Java. It's an annoying problem, because you have to write your source
code to be Java 1.0-5.0 compliant, and, of course, size has to be
minimal. gcj is helping though, since it's nicely installed by default
these days.

Of course, the backdoor has to play nicely with the CANVAS framework,
which means I can't do things like "writeUTF" and "readUTF" - not only
would that be slow since the network ends have to while
(data[:-2]!="\x00\x00"): recv(1); but the client side is Python.

Then again, in Python, with a Unicode string, does len() return the
number of characters or the byte size? (answer: characters, just like
Java) Unicode is a huge problem for us these days. If you hack a
Japanese Windows box, we want to be able to display all the kanji for
you.But this requires extensive fun with fonts.

- -dave


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFFWcIqB8JNm+PA+iURAoUCAJ9TCc8k6t8tVGXkMROygEbvLyCTywCcCCjT
1eKzcL83kM/OLuwFyDXYudQ=
=DW4e
-----END PGP SIGNATURE-----