
providing security to webapp folder

 
Bharat Sankannanavar
Greenhorn
Posts: 26
Guys,
I need your help to finish up my assignment. I have a JSP application named myProject, which has been deployed in the webapp folder in Tomcat. I want to provide security for the myProject folder. I mean, I want to protect it from being copied by someone else. Is there any way to do the same? I tried hiding the folder using one of the hiding software tools, but when I do that, I am not able to access those files in the web browser. Please help me to get over this headache. Thanks in advance.
 
Ulf Dittmer
Rancher
Posts: 42970
Who would this attacker be - a system administrator for the machine where the app runs? The only way around that would be a root account to which only you have access - this will cost you a fair amount of money each month. Otherwise, if you don't trust the sys admins, you may want to look for a different hosting arrangement.

Users don't have access to JSPs and class files, but I'm sure you know that. So start by thinking about a) what resources you want to protect, and b) from whom you want to protect those resources.
 
Bharat Sankannanavar
Greenhorn
Posts: 26
@Ulf Dittmer: It's not like attackers accessing the PC. Let me explain in a better way. I have developed an application and I have deployed it on the client's system. Now I don't want others to copy it from that client's system and use it for their own purposes. Let me know if any other method could work for preventing this, other than protecting the webapp folder.
 
K. Tsang
Bartender
Posts: 3624
If it's a web app, why do you need to deploy it to a "client" system? Don't end users (clients) access your web app through the browser?

Or your app is NOT a web app....
 
Bharat Sankannanavar
Greenhorn
Posts: 26
@K. Tsang: It's an OFFLINE JSP application
 
Ulf Dittmer
Rancher
Posts: 42970
I'm using "attackers" in the security sense: anyone who wants to subvert, or misuse, or steal data, or code, from your system.

So your app runs on a client's computer, and you don't really trust that client. That's a tough situation. My first response would be: why does it run on the client's computer? The whole point of web apps is that you can run them wherever you want. If you run them on a hosted environment that's under your control, this problem goes away. Plus, your customer doesn't have to worry about installing and maintaining a web app they don't really understand. Plus, you can make improvements whenever they're ready. That's what I call a win-win scenario.

If for some reason (which one?) the app still needs to run under the control of the client, then any attempt to stop them from getting at your code is ultimately doomed. The value of JSPs of course is zero to begin with, because they only include the view layer, and the Java code can be decompiled; obfuscation merely makes that harder. This scenario is a matter of making the proper provisions (NDA, code ownership etc.) in the contract with your client.
 