my dog learned polymorphism*
The moose likes Servlets and the fly likes encryption of war file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "encryption of war file" Watch "encryption of war file" New topic
Author

encryption of war file

Suresh Khant
Ranch Hand

Joined: Feb 27, 2010
Posts: 118
Hi All ,

I have made java application ( web pages using jsp) and i want to sell it to one of the clients , i am going to give them the war file of the application , i want to encrypt the war file so that they can not see the source code ........... is there any way to protect my source code ( java classes , web pages ......)

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60741
    
  65

Your war file shouldn't have any Java source files in it.

But the class files and other resource cannot be encrypted if you expect them to be able to use the war archive.

You'll need to develop licensing terms that both you and your customer can live with.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Even though you don't supply source files within war file , If the client wishes he can see the Code using Java De compilers like DJ .

There is no way you can stop him . (To be frank , If he pays money he has right to see )


Save India From Corruption - Anna Hazare.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41040
    
  43
Ravi Kiran Va wrote:To be frank , If he pays money he has right to see

Only if licensing and/or purchase terms and conditions say so; otherwise not. And if the source code is not legally available, then it will generally be illegal to use a decompiler.


Ping & DNS - my free Android networking tools app
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12756
    
    5
My guess would be that your client is probably not interested in stealing your code, they just want it to work.

Then of course there is the practical problem of decrypting on the fly - probably slow up the app and make you look bad.

Bill
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15950
    
  19

It has repeatedly been stated that real pirates only consider DRM as entertainment, and generally manage to crack protection fairly quickly. Obviously, if you use industrial-grade encryption, that wouldn't be directly true, but you'd have to provide a custom classloader to decrypt the code and that could be attacked, or the user could put a watch on the bytecode execution process.

As they say, "locks are for honest people". DRM costs money to implement, diverts resources from the development of the actual product (meaning that quality usually suffers), rarely stays secure for long, and tends to be abusive and annoying to the paying customers. Oh yeah, and it's a to do field debugging on.

In my case, it's pretty much a deal breaker. I buy eBooks from O'Reilly & Associates, precisely because they sell DRM-free books. I've been known on more that one occasion to pay a premium price for DRM-free software.


Customer surveys are for companies who didn't pay proper attention to begin with.
Luigi Plinge
Ranch Hand

Joined: Jan 06, 2011
Posts: 441

Try Proguard - it will compress and (indirectly) obfuscate your code - or you could try a dedicated code obfuscator.

Or how about turning your code into an applet so you don't have to give him the files at all.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15950
    
  19

Luigi Plinge wrote:Try Proguard - it will compress and (indirectly) obfuscate your code - or you could try a dedicated code obfuscator.

Or how about turning your code into an applet so you don't have to give him the files at all.


Er, you do realize that applets function by downloading the code straight to the client!!!

I laugh at obfuscators. Back in the early 1980's I wanted to use Microsoft's MASM as the back-end to my C compiler of the day. As shipped, it didn't work. So I disassembled and de-obfuscated the assembly-language code by hand and patched it to do what I wanted. That was in the days before the DMCA.

In school, I disassembled IBM's FORTRAN runtime libraries and I still have the code in old notebooks. I did so much of that that I can disassemble IBM mainframe machine code in my head. Of course, since then, I've also acquired the source code to those libraries, since that was before IBM went OCO.

When I say "locks are for honest people", I'm not just quacking a party line. I'm speaking from experience.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Luigi Plinge wrote:Or how about turning your code into an applet so you don't have to give him the files at all.


Not so. When you run an applet in your browser, the applet's (executable) code is cached somewhere on your computer. It isn't hard for the pirate to find out where.

I'd also suggest that problems rarely arise from people being able to see your code. Even your source code. People still write Javascript applications even though their source code is right there in the browser for anybody to see. Google doesn't seem to be concerned that anybody can see their Google Maps code, for example. No, the problem usually arises when the pirate takes a copy of the application and gives it to somebody else. Which of course doesn't require looking into the files, whether they are source code or encrypted or whatever. It just requires copying the files.

I find it hard to believe that you have written a web application for a client which can be copied and installed -- and used -- somewhere else. Web applications are very rarely general-purpose applications, and the ones which are worth money to a customer are almost always written specifically for that customer.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: encryption of war file
 
Similar Threads
how to avoid sending the sorce code.
Cannot login into tomcat
problem running webapp on remote server
HTTP Status 404 - /Struts2Application1/clientAction + Please help
How to make a jar file of web application