Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

encryption of war file

 
Suresh Khant
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All ,

I have made java application ( web pages using jsp) and i want to sell it to one of the clients , i am going to give them the war file of the application , i want to encrypt the war file so that they can not see the source code ........... is there any way to protect my source code ( java classes , web pages ......)

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65218
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your war file shouldn't have any Java source files in it.

But the class files and other resource cannot be encrypted if you expect them to be able to use the war archive.

You'll need to develop licensing terms that both you and your customer can live with.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even though you don't supply source files within war file , If the client wishes he can see the Code using Java De compilers like DJ .

There is no way you can stop him . (To be frank , If he pays money he has right to see )
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ravi Kiran Va wrote:To be frank , If he pays money he has right to see

Only if licensing and/or purchase terms and conditions say so; otherwise not. And if the source code is not legally available, then it will generally be illegal to use a decompiler.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My guess would be that your client is probably not interested in stealing your code, they just want it to work.

Then of course there is the practical problem of decrypting on the fly - probably slow up the app and make you look bad.

Bill
 
Tim Holloway
Saloon Keeper
Posts: 18303
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It has repeatedly been stated that real pirates only consider DRM as entertainment, and generally manage to crack protection fairly quickly. Obviously, if you use industrial-grade encryption, that wouldn't be directly true, but you'd have to provide a custom classloader to decrypt the code and that could be attacked, or the user could put a watch on the bytecode execution process.

As they say, "locks are for honest people". DRM costs money to implement, diverts resources from the development of the actual product (meaning that quality usually suffers), rarely stays secure for long, and tends to be abusive and annoying to the paying customers. Oh yeah, and it's a to do field debugging on.

In my case, it's pretty much a deal breaker. I buy eBooks from O'Reilly & Associates, precisely because they sell DRM-free books. I've been known on more that one occasion to pay a premium price for DRM-free software.
 
Luigi Plinge
Ranch Hand
Posts: 441
IntelliJ IDE Scala Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try Proguard - it will compress and (indirectly) obfuscate your code - or you could try a dedicated code obfuscator.

Or how about turning your code into an applet so you don't have to give him the files at all.
 
Tim Holloway
Saloon Keeper
Posts: 18303
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Luigi Plinge wrote:Try Proguard - it will compress and (indirectly) obfuscate your code - or you could try a dedicated code obfuscator.

Or how about turning your code into an applet so you don't have to give him the files at all.


Er, you do realize that applets function by downloading the code straight to the client!!!

I laugh at obfuscators. Back in the early 1980's I wanted to use Microsoft's MASM as the back-end to my C compiler of the day. As shipped, it didn't work. So I disassembled and de-obfuscated the assembly-language code by hand and patched it to do what I wanted. That was in the days before the DMCA.

In school, I disassembled IBM's FORTRAN runtime libraries and I still have the code in old notebooks. I did so much of that that I can disassemble IBM mainframe machine code in my head. Of course, since then, I've also acquired the source code to those libraries, since that was before IBM went OCO.

When I say "locks are for honest people", I'm not just quacking a party line. I'm speaking from experience.
 
Paul Clapham
Sheriff
Posts: 21416
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Luigi Plinge wrote:Or how about turning your code into an applet so you don't have to give him the files at all.


Not so. When you run an applet in your browser, the applet's (executable) code is cached somewhere on your computer. It isn't hard for the pirate to find out where.

I'd also suggest that problems rarely arise from people being able to see your code. Even your source code. People still write Javascript applications even though their source code is right there in the browser for anybody to see. Google doesn't seem to be concerned that anybody can see their Google Maps code, for example. No, the problem usually arises when the pirate takes a copy of the application and gives it to somebody else. Which of course doesn't require looking into the files, whether they are source code or encrypted or whatever. It just requires copying the files.

I find it hard to believe that you have written a web application for a client which can be copied and installed -- and used -- somewhere else. Web applications are very rarely general-purpose applications, and the ones which are worth money to a customer are almost always written specifically for that customer.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic