A pre-processor for #ifdef / #endif
[220 byte] By [DavidThia] at [2007-10-1 18:01:24] 
Hi;Anyone know of a pre-processor that can handle #ifdef in our java code? We have a customer (a bank) that wants no logging in the libraries we deliver to them for security reasons.? - thanks - dave
«« What IDE is best for development
»» how to upload the files of a directory to a server at one time?
»» how to upload the files of a directory to a server at one time?
make the logging levels configurable and change the configuration before delivery.
jwentinga at 2007-7-11 12:38:31 >
> Anyone know of a pre-processor that can handle #ifdef> in our java code? Most preprocessors will do that.You may want to give your source files extensions other than .java (prior to running through the preprocessor).
tschodta at 2007-7-11 12:38:31 >
I can't use logging levels because they don't want the ability even there - an employee could change the logging level. If logging is not in there, then that is not a worry.
I can't use another extension as then running the code from IntelliJ becomes a problem - and it doesn't even know my files are java files.
Any other ideas?
thanks - dave
DavidThia at 2007-7-11 12:38:31 >
http://forum.java.sun.com/thread.jspa?forumID=31&threadID=583820 http://forum.java.sun.com/thread.jspa?threadID=633884&messageID=3678519
BIJ001a at 2007-7-11 12:38:31 >
> I can't use logging levels because they don't want
> the ability even there - an employee could change the
> logging level. If logging is not in there, then that
> is not a worry.
Well, they could also sneak in a disassembler or a kernel debugger and figure out what's going on that way.
In case of such requirements the best thing to do is to take a baseball bat and kick some common sense into the persons making them.
jwentinga at 2007-7-11 12:38:31 >
Nothing is totally secure. However, running a debugger on a secure machine is a lot harder that turning on logging and copying the log file.
And the second part is - if a customer wants something and it's doable, doesn't add complexity, and makes sense (see first paragraph), then why not give it to them.
In 2-1/2 years of shipping the product, we have never needed a customer to turn on logging. But we do need it internally. So using #ifdef to remove it from the shipping code makes a lot of sense.
But, still no clean way to do it where my files on disk are .java so IntelliJ handles them correctly but it also can pre-process them when compiling... :(
thanks - dave
DavidThia at 2007-7-11 12:38:31 >
Shipping code that's different from the code you tested (as you do when you recompile without logging code before shipping) is dangerous.
I've had applications fail because of timing problems when a single line was removed, and then there's the very real risk of placing too much inside a conditional compile block, something you'd never notice in testing.
jwentinga at 2007-7-11 12:38:31 >
private final static boolean NEED_LOGGING = true ; // could be false too
//...
void foo() {
if (NEED_LOGGING) {
log ("whatever" + is + needed);
}
}
BIJ001a at 2007-7-11 12:38:31 >
yes, but that's not safe.
Someone could easily hack the classfile and change the boolean to true...
Best way of course is to go to a service architecture where the application is never run on the end user machines but on a server hosted in a controlled environment and only the results are sent to the clients (probably in the form of a web application).
In that scenario you can log all you want if you lock up the server room and trust the people who have the key (who are usually more trusted than the programmers so that should be no problem).
jwentinga at 2007-7-11 12:38:31 >
> yes, but that's not safe.> Someone could easily hack the classfile and change the boolean to true...No. When the variable is set to false at compile time, the depending stuff will not be compiled along.
BIJ001a at 2007-7-11 12:38:31 >
The following source compiled and then decompiled with jad provides:
public class foo
{
private final static boolean NEED_LOGGING = false;
void foo( String is, Object needed )
{
if ( NEED_LOGGING )
{
log( "whatever " + is + needed );
}
doit( needed );
if ( NEED_LOGGING )
{
log( "whatever " + is + " done" );
}
}
void doit( Object needed )
{
}
void log( String what )
{
if ( NEED_LOGGING )
{
System.err.println( what );
}
}
}
// Decompiled by Jad v1.5.8f. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)
// Source File Name:foo.java
public class foo
{
public foo()
{
}
void foo(String s, Object obj)
{
doit(obj);
}
void doit(Object obj)
{
}
void log(String s)
{
}
private static final boolean NEED_LOGGING = false;
}
BIJ001a at 2007-7-11 12:38:31 >
Developer Tools New Topic
Developer Tools Hot Topic
- hs_err_pid424 error for J2re1.4.2_08 someone one has?
- HeadlessException is not caught!
- Virus Java\Byte Verify
- Beginning JNI
- java date + calendar problem
- how can you detect (from a script file) that javac found problems?
- can javac warn about unused imports?
- compiling application (with several sub-packages) from another java app
Developer Tools
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding