Article 738 of comp.lang.java.security:

Markus Peter wrote:
> Well... one of the problems is that .class files have to be named after
> the Class name which is hardcoded in the class. Most browsers have cryptic
> names for their cache files. This simple fact would destroy any attack.
> (Though I have to admit that I don't know how .class files are handled
> in the cache...)
>

There is a simple method (pointed out to me by Jimmy Aitken) of looking
at the Netscape cache and identifying which "cryptic name" belongs to
which class name: one pulls down the Netscape browser file menu, clicks
on "Open Location" and then types in "about: cache". Everything in the
cache is revealed with more detail maybe than you would ever want...

For example, poking around in my current cache I find that:

http://www.dtai.com/javasig/animation/CompImage.class

is currently stored as:

.netscape/cache/05/cache324042A501700CF.class

Recovering and playing with these files can be automated, as is
explained in:

http://www.best.com/~rmlynch/app-lift.html

Bob L.
--
Robert Lynch-Berkeley CA USA-rmlynch@best.com
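
Added example, not part of the original post or of the page it links to: the class name is recorded inside the .class file itself (the this_class entry of its constant pool), so a cryptic cache file name does not hide which class a file holds. The Python below reads that name from the file's bytes; the sample class file is constructed here, and the function and variable names are this example's own.

```python
import struct

# Payload bytes after the tag for fixed-size constant-pool entries (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_name(data: bytes) -> str:
    """Return the internal name (e.g. 'pkg/Name') that this_class points to."""
    if len(data) < 10 or data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack_from(">H", data, 8)    # constant_pool_count
    utf8, classes = {}, {}
    pos, idx = 10, 1                                # pool entries are numbered from 1
    try:
        while idx < count:
            tag = data[pos]
            pos += 1
            if tag == 1:                            # CONSTANT_Utf8: u2 length + bytes
                (n,) = struct.unpack_from(">H", data, pos)
                utf8[idx] = data[pos + 2:pos + 2 + n]
                pos += 2 + n
            elif tag in FIXED:
                if tag == 7:                        # CONSTANT_Class: index of its Utf8 name
                    (classes[idx],) = struct.unpack_from(">H", data, pos)
                pos += FIXED[tag]
                if tag in (5, 6):                   # Long/Double occupy two pool slots
                    idx += 1
            else:
                raise ValueError(f"unknown constant tag {tag}")
            idx += 1
        # After the pool: access_flags (u2), then this_class (u2).
        (this_class,) = struct.unpack_from(">H", data, pos + 2)
        # Names are modified UTF-8; plain UTF-8 decoding covers ordinary names.
        return utf8[classes[this_class]].decode("utf-8")
    except (struct.error, IndexError, KeyError) as exc:
        raise ValueError("truncated or malformed class file") from exc

def utf8_entry(text: bytes) -> bytes:
    return b"\x01" + struct.pack(">H", len(text)) + text

# Constructed sample: a minimal class file (version 45.3) for a class "CompImage".
SAMPLE = (b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 3, 45, 5)
          + utf8_entry(b"CompImage") + b"\x07\x00\x01"
          + utf8_entry(b"java/lang/Object") + b"\x07\x00\x03"
          + struct.pack(">HHH", 0x0021, 2, 4)       # access_flags, this_class, super_class
          + b"\x00" * 8)                            # no interfaces/fields/methods/attributes

if __name__ == "__main__":
    print(class_name(SAMPLE))
```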