-2

I am currently developing an android application where it can scan qr codes and grab data out of it.

If the qr code is a java coding string, for example : int a; , can i save this string into a method, or even a class and turn it into a java code and run it afterwards?

45726963
  • 9
  • 4
  • 2
    Yes, it is possible, but it sounds like an enormous security headache! – Andy Turner Feb 02 '15 at 08:38
  • If you meant the security of the code, the data in the qr code is gonna be some general data that is supposedly able to be view by anyone so security measurements is not necessarily. – 45726963 Feb 02 '15 at 08:53
  • 1
    I mean that you have to be incredibly careful executing code from untrusted sources. You have to expect and guard against malicious code in that data, e.g. what happens if I scan a QR code containing the string `System.exit(0);` or that recursively deletes `/`. – Andy Turner Feb 02 '15 at 09:04

1 Answers1

0

See answers to this question for details about how to compile code at runtime.

But I'd strongly advise against it unless you have some means of trusting the code that you are going to compile and execute, or have some means of executing the code in a sandbox/jail, in order that malicious code cannot be injected.

Community
  • 1
  • 1
Andy Turner
  • 137,514
  • 11
  • 162
  • 243