I have made java application ( web pages using jsp) and i want to sell it to one of the clients , i am going to give them the war file of the application , i want to encrypt the war file so that they can not see the source code ........... is there any way to protect my source code ( java classes , web pages ......)
Even though you don't supply source files within war file , If the client wishes he can see the Code using Java De compilers like DJ .
There is no way you can stop him . (To be frank , If he pays money he has right to see )
Save India From Corruption - Anna Hazare.
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35239
7
posted
0
Ravi Kiran Va wrote:To be frank , If he pays money he has right to see
Only if licensing and/or purchase terms and conditions say so; otherwise not. And if the source code is not legally available, then it will generally be illegal to use a decompiler.
It has repeatedly been stated that real pirates only consider DRM as entertainment, and generally manage to crack protection fairly quickly. Obviously, if you use industrial-grade encryption, that wouldn't be directly true, but you'd have to provide a custom classloader to decrypt the code and that could be attacked, or the user could put a watch on the bytecode execution process.
As they say, "locks are for honest people". DRM costs money to implement, diverts resources from the development of the actual product (meaning that quality usually suffers), rarely stays secure for long, and tends to be abusive and annoying to the paying customers. Oh yeah, and it's a to do field debugging on.
In my case, it's pretty much a deal breaker. I buy eBooks from O'Reilly & Associates, precisely because they sell DRM-free books. I've been known on more that one occasion to pay a premium price for DRM-free software.
Customer surveys are for companies who didn't pay proper attention to begin with.
Luigi Plinge wrote:Try Proguard - it will compress and (indirectly) obfuscate your code - or you could try a dedicated code obfuscator.
Or how about turning your code into an applet so you don't have to give him the files at all.
Er, you do realize that applets function by downloading the code straight to the client!!!
I laugh at obfuscators. Back in the early 1980's I wanted to use Microsoft's MASM as the back-end to my C compiler of the day. As shipped, it didn't work. So I disassembled and de-obfuscated the assembly-language code by hand and patched it to do what I wanted. That was in the days before the DMCA.
In school, I disassembled IBM's FORTRAN runtime libraries and I still have the code in old notebooks. I did so much of that that I can disassemble IBM mainframe machine code in my head. Of course, since then, I've also acquired the source code to those libraries, since that was before IBM went OCO.
When I say "locks are for honest people", I'm not just quacking a party line. I'm speaking from experience.
Luigi Plinge wrote:Or how about turning your code into an applet so you don't have to give him the files at all.
Not so. When you run an applet in your browser, the applet's (executable) code is cached somewhere on your computer. It isn't hard for the pirate to find out where.
I'd also suggest that problems rarely arise from people being able to see your code. Even your source code. People still write Javascript applications even though their source code is right there in the browser for anybody to see. Google doesn't seem to be concerned that anybody can see their Google Maps code, for example. No, the problem usually arises when the pirate takes a copy of the application and gives it to somebody else. Which of course doesn't require looking into the files, whether they are source code or encrypted or whatever. It just requires copying the files.
I find it hard to believe that you have written a web application for a client which can be copied and installed -- and used -- somewhere else. Web applications are very rarely general-purpose applications, and the ones which are worth money to a customer are almost always written specifically for that customer.
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to
run our stuff on 16 servers instead of 3.
0
)
to do field debugging on.
