T
Tiwkiz
I am looking for some way to protect the source code for ejbs
SK
SK
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
Daniel Pitts
Hire a bodyguard. j/k.Tiwkiz said:I am looking for some way to protect the source code for ejbs
SK
What do you mean by 'protect the source code'? Prevent it from being
modified? Prevent it from being obtained? Something else?
T
Tiwkiz
I want to encrypt the ejb source code so that no one( hopefully ) sees the
source code.
SK
source code.
SK
M
Manish Pandit
Tiwkiz said:I want to encrypt the ejb source code so that no one( hopefully ) sees the
source code.
SK
EJB Clients do not have the remote classes (the actual implementations)
- they just have the stubs. So, the clients cannot reverse engineer the
class files. Do you mean protecting them on the server itself?
-cheers,
Manish
T
Tiwkiz
Do you mean protecting them on the server itself?
Yes, that is what i want.
Yes, that is what i want.
A
Andrew Thompson
Yes, that is what i want.
Obfuscation provides a (extremely limited) form
of protection, but it can be cracked if the user is
determined enough. If it is a truly magnificent coding
concept though, and too hard to decrypt, it would
probably be relatively simple to design an entirely new,
fresh Class, based on the inputs and outputs of the original*.
* Very little code is so special that it cannot be
reproduced, simply by examining how an existing
version behaves.
Your best bet is to write 'no reverse engineering' into
the software use agreement, and sell support, rather
than (trivial) bits of code.
Andrew T.
L
Lew
Andrew said:Your best bet is to write 'no reverse engineering' into
the software use agreement, and sell support, rather
than (trivial) bits of code.
And hope that they steal your source code, so that their competitor will tell
you and you can charge them triple.
Anyone who is a decent programmer, and there are far fewer of those than
collect a paycheck for the job, understands why so many people are anxious to
obfuscate their source. I'd be embarrassed, too.
- Lew
T
Tiwkiz
If you know any product, please let me know.
A
Andrew Thompson
If you know any product, please let me know.
Product to do what?
- 'Bodyguard' is a private service, try your local
'business directory', or such.
- 'Obfuscation' is pointless, but Google 'Java Obfuscator'
if you wish to waste some (of your) time/money.
Andrew T.
D
Daniel Pitts
you and you can charge them triple.
Anyone who is a decent programmer, and there are far fewer of those than
collect a paycheck for the job, understands why so many people are anxious to
obfuscate their source. I'd be embarrassed, too.
- Lew
Wait, I'm confused. Are you actually saying obfuscation is a good
thing?
L
Lew
Daniel said:Wait, I'm confused. Are you actually saying obfuscation is a good
thing?
Not if you're proud of your code.
- Lew
A
Alex Hunsley
Andrew said:Product to do what?
- 'Bodyguard' is a private service, try your local
'business directory', or such.
- 'Obfuscation' is pointless, but Google 'Java Obfuscator'
if you wish to waste some (of your) time/money.
Not so; obfuscation often reduces resulting bytecode size. And if you're
working in the J2ME area or similar, where download size can really
matter, it's a boon.
A
Alex Hunsley
Daniel said:Wait, I'm confused. Are you actually saying obfuscation is a good
thing?
Methinks he's joking about some people's terrible coding style...
Although I think the obfuscation being talked about in this thread
applies to bytecode to produce more bytecode, not to source code directly.
lex
A
Andrew Thompson
....
...Not so; obfuscation often reduces resulting bytecode size.
OK, good point. I was focusing on the OP's
stated goal.
/But/, do not forget that has to be offset against
the potential loss of information in stackraces
(both of meaning of the very short class, method
& attribute names, along with probable loss of
line numbers).
If there was a situation where you could get
a sensible stacktrace from your users*, you
can say goodbye to that once obfuscation is
used. I prefer my stacktraces to be verbose
and specific.
* Which is often /not/ practical.
Andrew T.
B
Bent C Dalager
/But/, do not forget that has to be offset against
the potential loss of information in stackraces
(both of meaning of the very short class, method
& attribute names, along with probable loss of
line numbers).
Wouldn't a decent obfuscator provide the developer with a way to
un-obfuscate stack traces?
I have never used obfuscators so I don't know what sort of features
they tend to offer, but this particular one seems to be pretty high up
on the "must-have" list?
Cheers
Bent D
D
Daniel Dyer
Wouldn't a decent obfuscator provide the developer with a way to
un-obfuscate stack traces?
I have never used obfuscators so I don't know what sort of features
they tend to offer, but this particular one seems to be pretty high up
on the "must-have" list?
You get this with Proguard. It outputs a list of mappings from
unobfuscated names to obfuscated names. It also comes with a tool to
translate an obfuscated stack trace into an unobfuscated one. However, if
you have Proguard strip out the line numbers from the class files, you
won't be able to get these back.
Dan.
A
Andrew Thompson
....
You get this with Proguard. It outputs a list of mappings from
unobfuscated names to obfuscated names. It also comes with a tool to
translate an obfuscated stack trace into an unobfuscated one.
Cool. That had never occured to me.
I take it the mappings and converter tool
are specific to a particular build?
(Given the mappings may change between
one obfuscation and the next)
...However, if
you have Proguard strip out the line numbers from the class files, you
won't be able to get these back.
Scrying, anyone?
Andrew T.
C
Chris Uppal
Andrew said:Cool. That had never occured to me.
I take it the mappings and converter tool
are specific to a particular build?
(Given the mappings may change between
one obfuscation and the next)
I can't remember whether it was Proguard, but one of the obfuscators I looked
at had the ability to reuse old mapping tables so that obfuscated method and
class names (all you care about for stack traces) would remain more-or-less
stable over time.
-- chris
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Similar Threads
Forum statistics
Latest Threads
-
What are the key advantages of using a SaaS (Software as a Service) model for application development?
- Started by remotedevelopers
-
How to build a database-driven web page
- Started by av3mar1a153
-
Hola
- Started by luuciefer
-
Using a DTSX file with GoDaddy
- Started by IBMJunkman
-
Hello Everyone
- Started by welly
-
Problem with code
- Started by camilin05
-
How to get expertise in "cyber security" or from where to start for this?
- Started by independent