Browser based intranet web application: feasibility study

 
Greenhorn
Hi there experts.

First of all, I am very new to Java technology.
My company has asked me and one of my colleagues to build a product for the Gem / Jewellery market to handle stock / purchase / sales / accounts etc.

Normally a web application can be hosted in a secure public web server.

But in our case it is installed in our client's office on a normal PC and can be accessed from other computers in the local network.
Or it could just be installed on a single computer.

Our tool selection is as follows:

Tools for programming logic: Java + JSP + Servlet

Webserver + Application server (servlet container): Apache Tomcat

User interface: DHTML + JavaScript + AJAX + CSS

Furthermore, we want to provide the user with a simple installer package.

+ Can the installation be done very smoothly using an installer package for the above selected tools (Java JRE + Tomcat + Java, JSP & other files)? (Or will we be getting emails + calls from our clients all the time?)

Code security:

+ Can we make our code (JSP + Java files & related JavaScript + CSS files) secure and not available (or at least difficult to read) for a savvy programmer in the client's office?

Thanks for all your inputs in advance.

Regards,
Hameed
[ September 04, 2007: Message edited by: Faheem Hameed ]
 
Rancher
Welcome to JavaRanch.

The problem sounds like there might be a database involved, but there's nothing like that in your list ... ? Or were you planning to use an embedded Java database like HSQLDB or Derby? If access to an existing database server is involved, that would complicate the setup.

As to code security, there is no way (and should be no need) to secure CSS and JavaScript. While there are ways to make it harder to recover JSP files, that shouldn't be necessary, because JSPs should not contain any code. As to Java classes, you can ship those without source, and obfuscate them beforehand. But that will not prevent a determined attacker from recovering the source code.

There are various Java installers available you could check out (I think one is called Install Anywhere). Tomcat isn't hard to install (basically just an unzip of a directory, and maybe setting some environment variables), so that should not be hard to set up.
 
Faheem Hameed
Greenhorn
Hi there,

Thanks a lot for your reply.

Yeah, I really forgot to mention the database.
We still have not decided about the db yet. But it would most probably be Derby in the embedded mode. We are not going to connect to an existing database server.

OK. I agree that there is no way to secure the CSS/JavaScript. I am fine with that.

I will obfuscate the Java files prior to the distribution of the software. Thanks for the advice. All I need is to make the decoding process for the hacker very difficult. If a hacker really tries hard to break our code then it does not matter for us.

I am a newbie to JSP and I am only going to start learning it now. But I still want to know how to make recovery of JSP files a bit harder for a hacker. I have just looked around the internet but could not find the right tool for it. Even though we are not going to put most of the logic within the JSP files, I still want to protect them. So please advise.

On Tomcat, you said that it is just an unzip of the directory. I hope I can configure the installer to do it. But is it a simple task to install Tomcat as a Windows service or a daemon in Linux / Mac? But mostly our target clients are Windows users.

Thanks a lot for your help on this!!

Hameed
 
Sheriff

Originally posted by Faheem Hameed:

I am a newbie to JSP and I am only going to start learning it now. But I still want to know how to make recovery of JSP files a bit harder for a hacker. I have just looked around the internet but could not find the right tool for it. Even though we are not going to put most of the logic within the JSP files, I still want to protect them. So please advise.



If you build your app using an MVC architecture there will be nothing of value to a hacker in your JSPs.

Grab any of the demo apps on my site and browse the JSPs.
http://simple.souther.us
You'll find nothing more than HTML, and a few JSTL tags.
All the real work gets done in the Java classes.

Also, JSPs can be precompiled.
If you do this, there is no need to ship the JSP source code.
[ September 06, 2007: Message edited by: Ben Souther ]
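The precompilation step mentioned in the reply above, sketched as an Ant build. This is an added example, not code from the thread or from any poster's project. It assumes Ant and a Tomcat 6 or later directory layout; the property values, the `build` directory names and `merged.web.xml` are placeholders for illustration.

```xml
<!-- Added example: translate and compile JSPs at build time, then package
     a WAR that contains no .jsp sources. Paths are placeholders. -->
<project name="precompile-jsp" default="war" basedir=".">
  <property name="tomcat.home" value="/path/to/tomcat"/>
  <property name="webapp.path" value="web"/>
  <property name="build.dir"   value="build"/>

  <path id="tomcat.classpath">
    <fileset dir="${tomcat.home}/lib" includes="*.jar"/>
    <fileset dir="${tomcat.home}/bin" includes="*.jar"/>
  </path>

  <!-- JspC is the Jasper class that translates .jsp files to servlet source. -->
  <taskdef name="jasper" classname="org.apache.jasper.JspC"
           classpathref="tomcat.classpath"/>

  <target name="jspc">
    <mkdir dir="${build.dir}/jsp-src"/>
    <!-- webXml receives servlet and servlet-mapping entries for the generated
         classes; they must be merged into the application's own web.xml. -->
    <jasper uriroot="${webapp.path}"
            outputDir="${build.dir}/jsp-src"
            webXml="${build.dir}/generated_web.xml"/>
  </target>

  <target name="compile" depends="jspc">
    <mkdir dir="${build.dir}/classes"/>
    <javac srcdir="${build.dir}/jsp-src" destdir="${build.dir}/classes"
           includeantruntime="false">
      <classpath>
        <path refid="tomcat.classpath"/>
        <pathelement location="${webapp.path}/WEB-INF/classes"/>
        <fileset dir="${webapp.path}/WEB-INF/lib" includes="*.jar"
                 erroronmissingdir="false"/>
      </classpath>
    </javac>
  </target>

  <target name="war" depends="compile">
    <!-- merged.web.xml (hypothetical file): the app's web.xml plus the
         generated mappings. The .jsp sources are excluded from the WAR. -->
    <war destfile="${build.dir}/app.war" webxml="${build.dir}/merged.web.xml">
      <fileset dir="${webapp.path}" excludes="**/*.jsp,WEB-INF/web.xml"/>
      <classes dir="${build.dir}/classes"/>
    </war>
  </target>
</project>
```

The shipped WAR then holds only compiled servlet classes for the pages. As the earlier reply in this thread says of Java classes in general, that makes recovery harder but does not stop a determined attacker.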
 
Faheem Hameed
Greenhorn
I just learned about MVC on Wikipedia.
I suppose we must develop using the concept of MVC, which would make a large solution simpler to read.

As per your advice: compiling the JSPs (+ obfuscating) before delivering the solution to the client. I understand that normally the web server compiles the JSP into Java classes the first time and processes the Java classes only.

Thanks a lot for your help Ben!!

Hameed
 