• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

can i use obfuscator to my web pplication

 
Ranch Hand
Posts: 689
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi, i want secure my webapplication which is deployed it in tomcat
the problem is it's an intranet application so the server is in client's hand he can redistribute the class files and jsp files to others so, i want to restrict the client to see the code by obfuscating my web application

can i do it by obfuscator software like retrogaurd or jode ?

is ther any other technique by which i should restrict the client not to open the application folder

please somebody help me
it's urgent
 
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by saikrishna cinux:
the server is in client's hand he can redistribute the class files and jsp files to others



Hi,

If the client has access to the server then obfuscation is the only choice you have.

However, if possible and if you have access rights, you can even restrict the folder access using a software called "Folder Lock". This sofware asks for a password before accessing it.

Bye & Regards,
Praveen
 
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The only way which gives total security is to never hand over the product to the client, and never install it (or place the sources) on any computer that anyone at all could ever gain access to in any way.
Essentially that means you should not write the application.

In practice proper licensing terms should suffice, especially if your client is a company.
After all, if he goes and pirates your product you know it came from them...
 
author
Posts: 4335
39
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm going to agree with Jeroen on the second point, in that if you license things properly, this shouldn't be a problem. If he steals your work, then you can sue (and if you're that worried you might not want to work with them).

One way to obfuscate your world somewhat though is to use servlets instead of (or with) JSPs. Since servlets can be compiled ahead of time, you don't have to give the source away in order to use them, whereas JSPs the source is the file. It doesn't mean don't use JSP's at all, but put most of your logic in servlets and/or utility classes.

Oh, and if you want to obfuscate the code further... well I've never *tried* to do this but I've seen plenty of examples of horribly written code that makes me think its possible to write code no one could read.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
+1 on what Jeroen said. For absolute security, don't give away class files - usable source code can always be recovered from them. For anything else, use obfuscation and make sure you have a proper business relationship with your client.
[ August 22, 2006: Message edited by: Ulf Dittmer ]
 
saikrishna cinux
Ranch Hand
Posts: 689
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a good relationship with client but the problem is with the code which i 've installed as intranet application ineed to do that at any cost
so now can any one tell me how can i use obfuscation of a webapplication ?
here my application consits of jsp files also and after that i need to deploy it in the tomcat server
somebody told me that by obfuscating the application means it jumbles the code and also can change the path of the files and also directory structure

so if the directory(pakage) structure) changes then the jsp files which has got the path may need to be chnaged in order to run it properly


can any one please give me some better solution

thank's in advance
regards
cinux
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Obfuscation doesn't generally alter the package structure - you can tell the obfuscator not to do that. For the servlets you'll need to tell it not to change the method names of the servlet API methods.

ProGuard is one obfuscator I like. It doesn't address JSPs, but then, I know of no obfuscator that does. And, as Scott said, you shouldn't put business logic in JSPs to begin with.
 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Perhaps it is possible to pre-compile the JSP's and then do something with the results.

/Steve
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by saikrishna cinux:
....please somebody help me
it's urgent



saikrishna,
Please read:
http://faq.javaranch.com/view?EaseUp
to find out why putting "It's Urgent" in your post will be taken as an insult to others and usually result in slower responses.

In the same thread, you've stated both that it's urgent and that you have a good relationship with your client. If you have a good relationship with your client, obfuscating your code (which does nothing to prevent someone from using your class files) shouldn't be an urgent issue.
[ August 24, 2006: Message edited by: Ben Souther ]
 
Ranch Hand
Posts: 536
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

There is a good relationship with client but the problem is with the code which i 've installed as intranet application ineed to do that at any cost


i fail to understand why you want to obfuscate your code in the first place.
 
Jeroen T Wenting
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Lynette Dawson:

i fail to understand why you want to obfuscate your code in the first place.



Many (especially fresh out of school) programmers have this idea that their code is brilliant and everyone would do almost anything to take a look at it and steal it for their own purposes.
Most more experienced programmers know this isn't so and don't bother.

Of course there are also managers who think that obfuscation will in some magic way cause customers to be honest and not use the product in ways that violate their license agreement.
 
Ranch Hand
Posts: 93
Mac Objective C Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by saikrishna cinux:
so now can any one tell me how can i use obfuscation of a webapplication ?



Here you go: java obfuscation
reply
    Bookmark Topic Watch Topic
  • New Topic