File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes can i use obfuscator  to my web pplication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "can i use obfuscator  to my web pplication" Watch "can i use obfuscator  to my web pplication" New topic
Author

can i use obfuscator to my web pplication

saikrishna cinux
Ranch Hand

Joined: Apr 16, 2005
Posts: 689
hi, i want secure my webapplication which is deployed it in tomcat
the problem is it's an intranet application so the server is in client's hand he can redistribute the class files and jsp files to others so, i want to restrict the client to see the code by obfuscating my web application

can i do it by obfuscator software like retrogaurd or jode ?

is ther any other technique by which i should restrict the client not to open the application folder

please somebody help me
it's urgent


A = HARDWORK B = LUCK/FATE If C=(A+B) then C=SUCCESSFUL IN LIFE else C=FAILURE IN LIFE
SCJP 1.4
Praveen Babu
Ranch Hand

Joined: Jul 30, 2006
Posts: 138
Originally posted by saikrishna cinux:
the server is in client's hand he can redistribute the class files and jsp files to others


Hi,

If the client has access to the server then obfuscation is the only choice you have.

However, if possible and if you have access rights, you can even restrict the folder access using a software called "Folder Lock". This sofware asks for a password before accessing it.

Bye & Regards,
Praveen
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
The only way which gives total security is to never hand over the product to the client, and never install it (or place the sources) on any computer that anyone at all could ever gain access to in any way.
Essentially that means you should not write the application.

In practice proper licensing terms should suffice, especially if your client is a company.
After all, if he goes and pirates your product you know it came from them...


42
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3712
    
    5

I'm going to agree with Jeroen on the second point, in that if you license things properly, this shouldn't be a problem. If he steals your work, then you can sue (and if you're that worried you might not want to work with them).

One way to obfuscate your world somewhat though is to use servlets instead of (or with) JSPs. Since servlets can be compiled ahead of time, you don't have to give the source away in order to use them, whereas JSPs the source is the file. It doesn't mean don't use JSP's at all, but put most of your logic in servlets and/or utility classes.

Oh, and if you want to obfuscate the code further... well I've never *tried* to do this but I've seen plenty of examples of horribly written code that makes me think its possible to write code no one could read.


My Blog: Down Home Country Coding with Scott Selikoff
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42374
    
  64
+1 on what Jeroen said. For absolute security, don't give away class files - usable source code can always be recovered from them. For anything else, use obfuscation and make sure you have a proper business relationship with your client.
[ August 22, 2006: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
saikrishna cinux
Ranch Hand

Joined: Apr 16, 2005
Posts: 689
There is a good relationship with client but the problem is with the code which i 've installed as intranet application ineed to do that at any cost
so now can any one tell me how can i use obfuscation of a webapplication ?
here my application consits of jsp files also and after that i need to deploy it in the tomcat server
somebody told me that by obfuscating the application means it jumbles the code and also can change the path of the files and also directory structure

so if the directory(pakage) structure) changes then the jsp files which has got the path may need to be chnaged in order to run it properly


can any one please give me some better solution

thank's in advance
regards
cinux
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42374
    
  64
Obfuscation doesn't generally alter the package structure - you can tell the obfuscator not to do that. For the servlets you'll need to tell it not to change the method names of the servlet API methods.

ProGuard is one obfuscator I like. It doesn't address JSPs, but then, I know of no obfuscator that does. And, as Scott said, you shouldn't put business logic in JSPs to begin with.
Steve McClintic
Greenhorn

Joined: Jul 03, 2006
Posts: 14
Perhaps it is possible to pre-compile the JSP's and then do something with the results.

/Steve
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by saikrishna cinux:
....please somebody help me
it's urgent


saikrishna,
Please read:
http://faq.javaranch.com/view?EaseUp
to find out why putting "It's Urgent" in your post will be taken as an insult to others and usually result in slower responses.

In the same thread, you've stated both that it's urgent and that you have a good relationship with your client. If you have a good relationship with your client, obfuscating your code (which does nothing to prevent someone from using your class files) shouldn't be an urgent issue.
[ August 24, 2006: Message edited by: Ben Souther ]

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Richard Green
Ranch Hand

Joined: Aug 25, 2005
Posts: 536
There is a good relationship with client but the problem is with the code which i 've installed as intranet application ineed to do that at any cost

i fail to understand why you want to obfuscate your code in the first place.


MCSD, SCJP, SCWCD, SCBCD, SCJD (in progress - URLybird 1.2.1)
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
Originally posted by Lynette Dawson:

i fail to understand why you want to obfuscate your code in the first place.


Many (especially fresh out of school) programmers have this idea that their code is brilliant and everyone would do almost anything to take a look at it and steal it for their own purposes.
Most more experienced programmers know this isn't so and don't bother.

Of course there are also managers who think that obfuscation will in some magic way cause customers to be honest and not use the product in ways that violate their license agreement.
Rusty Smythe
Ranch Hand

Joined: Aug 09, 2006
Posts: 93

Originally posted by saikrishna cinux:
so now can any one tell me how can i use obfuscation of a webapplication ?


Here you go: java obfuscation
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: can i use obfuscator to my web pplication