Protecting J2ee source code
hi
How I can protect my source code from a decompilation in a J2ee
environment. I search a effective means for protecting the source code,
and that is not a handicap in term of performances.
I must to crypted the source code or to use an obfuscator (which is most
effective)?
regards
In a J2EE environment, obfuscating your code should make sense only if you're a library or components developer, and you have to supply class files to your clients and don't want them to be able to reverse-engineer.
If you do not supply libraries, your code is on the server, and you shouldn't need to obfuscate anything.
Of course, if some intruder gets access to your server machine, the above does not hold anymore. However, I suspect that you'll have much bigger worries in this case than the mere possibility of the intruder decompiling your code....
Similar Messages
-
How to protect java source code?
Hi everybody
I love Java but I think that people can decompile my class file to take my source code!Like this program
http://kpdus.tripod.com/jad.html
How to protect our source code?Even you use Jar files, they can unzip them and decompile!
Thanks in advance!Use Java Obfuscator. Try one of these
http://preemptive.com/products/dasho/index.html
http://www.zelix.com/klassmaster/obfuscator.html
http://java-source.net/open-source/obfuscators -
How to protect JSP source code on the Server Side ?
I am new on JSP. I Already know about various Web and Desktop technologies but is the first time on JSP. I know ASP for example.
Well, about .NET platform, it protects my source code on the server, the source code is compiled and on the server, only the compiled file are installed, my source code stay with me...
About JSP, how it works about ? Is possible to hide my source code too ? What the technique to hide the codes ? I need to prevent access to my source codes...
Robertoroberto.novakosky wrote:
About .exe files, do you know if a java class is more easy or dificult to do reverse engineering ?Depends on who your enemy is. If it's for example a hacker with a lot of C knowledge but zero of Java knowledge, reverse engineering .exe would be easier than .class. If one was interested, one would always take time to learn how to decompile the one or other. Making files secure is a waste of time. It's always "hackable".
If there was a proof of concept, no one major software vendor would have had so much problems with piracy and cracks/keygens. Think about it once again. It's simply impossible. Just have a clear EULA and actually make work of it whenever you discovers if someone breaks your EULA.
I was thinking about, the .JSP can be converted to servlet .java, and converted to .class, this way hide the source code.Once again, one could still decompile it (or reverse engineer, so you call). -
I heard about the possibilty of decompiling the java code and getting back the source code, is this flaw specific to java or is it common among all programming langauges?
how is it possible to protect the source code? and how expensive is the solution?
thank youThis is not a flaw!
Java is compiled on the byte level not bit level. This is so because the same class can run on Windows, Solaris, Linux and Unix. This makes the execution a little bit slower and easier to decompile but a small price to pay for cross platform compatibilty. -
I heard about the possibilty of decompiling the java code and getting back the source code, is this flaw specific to java or is it common among all programming langauges?
how is it possible to protect the source code? and how expensive is the solution?
thank youBack to poster: To my knowledge, the ability tode-compile back to valid source code is unique to
Java.
No it's not. Any program files can be decompiledback
to source code.
If not their original C or C++ code, then at least
assembly code.You cannot decompile C or C++ code to anything but
assembler language. Which even when written by a good
programmer is considered obfuscated by others. I
doubt that anyone has lifted C or C++ code from
another application using a decompiler.yes you can, all binaries can be reverse compiled, logically speaking they have to be!
However, the readability of the output is not going to be as high as that obtained from decompiled java.
>
I would say that de-compilation is not a flaw in Javawhen compared to
powerful features it has to offer. Of course it's a flaw (so I disagree with you here).
People don't want this behavior, but it exists. As I
stated earlier (and I'm agreeing with you on this
one), it was an issue of priorites, and the
developers of Java decided that it was OK because it
allowed "powerful features"...it is a feature - whether it is a desirable feature is another argument entirely.
>
Here's a list of projects where the developers arenot interested in
hiding the source code from you, in fact they let youhave it for free:
Notice the words developers, not software companies.
I believe in open source and participate in it when
not bound by non-disclosure which is 99% of the time.
But I would stand by my statement that there are no
o software companies selling retail software that
believe the ability to decompile Java back to Java
source code is OK or good for them in anyway. I would
gently suggest that providing open source code, and
providing the ability to decompile to source code
really don't belong in the same discussion...Protecting code is not the job of programmers, it is the job of the Law.
rob, -
Hi,
It is possible to encrypt or protect the source code for an apex application.
I want to make sure nobody can export my application or at least that is not legible to protect the logic.
Any suggestions or workaround?
Thanks!!!!Hello Oliver,
You cannot encrypt the data in the apex tables (unless you use encrypted tablespaces, but then still you can access the data using an oracle front end). But you can use database packages (procedures/functions) to store your logic (and just call these functions from within apex). And you can wrap the source code of those packages..
Greetings,
Roel
http://roelhartman.blogspot.com/
You can reward this reply by marking it as either Helpful or Correct ;-) -
How to protect the source code?
hello everyone,
how can I encrypt the bean program, such that people cannot decompile and get the source code? Any link to useful reading would be very helpful too, thanks in advance!Just go through this query posted in the jdc forum:
Question of the week No.160: How do you protect your code from decompilers?
http://developer.java.sun.com/developer/qow/archive/160/index.jsp
Hope this clears your doubts.
ajit -
I have been going in circles trying to resolve how to ensure know one can easily see the VBA code I have written. it's dumbfounding to think source code can't be obfuscated. It seems password protecting can be broken in seconds. VSTO of VBA does not seem
to help (I created an AddIn), but the vba is visible. Is there a way to create compiled code? If so is there an example with source code I could learn from. I thought Visual Basic did this.
Thanks
AdamYes, you're right. VBA code is quite easy to break, and currently there is no way to obfuscate it natively.
However there are serveral tools that obfuscate VBA code, and you would use it before distributing your app.
I've never used myself any of those tools because I currently don't need to proctect my code, but I've tested some for fun and they're quite good. It renames everything in your code, making the VBA code virtually impossible to comprehend without losing functionality.
Try searching for "VBA Code Obsfuscator" that you might find something that suits you.
Felipe Costa Gualberto - http://www.ambienteoffice.com.br -
Hi,
I was trying to get the source code java files for the j2ee 1.4, but i haven't been able to locate the correct url for the download on the sun website.
Can anyone forward me the correct link.
Thanks!!This should be the URL:
http://www.sun.com/software/communitysource/j2ee/j2ee/download.xml -
How to download SUN J2EE source codes?
Especially those Java source codes under the javax.ejb package.
All the source code for both the javax.ejb API and the reference implementation itself are freely
available through the Glassfish project. You can find more information here :
https://glassfish.dev.java.net/source/browse/glassfish/ejb-api/src/share/classes/
https://glassfish.dev.java.net/source/browse/glassfish/ -
How to protect the source code in lookout
we are using the lookout 6.5 version for the automation. we want to protect the code from the end user, please confirm the possibility of the same.
The .lks file is the source file. If you give the .l4p file to end user, and the end user uses the runtime only server, they cannot modify anything. But actually they can modify the process if they have development server.
Ryan Shi
National Instruments -
I am developing and application that I am planning on
"leasing" out to busnesses but to keep my source code safe I will
only allow the application to be run under a hosting account that I
control so that the source is not subject to being stolen. Other
then cfencrypt (which can be decrypted) is there a way for me to
distribute my application to companies that want to outright
purchase it and allow them to install it on a different server yet
protecting the source code? Can I compile it into .jar files and us
it that way? And if so how do I do that?
Thanks,You can deploy as a J2EE application, see:
http://livedocs.adobe.com/coldfusion/8/htmldocs/deploying_4.html#117456
Also for some tips from the trenches:
http://www.adobe.com/devnet/coldfusion/articles/ear.html
One caveat, the people you sell the application to _must_
have a valid Enterprise copy of CF or it will not deploy.
hehe, never done the above tho! -
How to protect ADF Application Source code
Hi,
There is an ADF Application which needs to be given to a client. The client will deploy the application.
How do i protect the source code giving to the someone from the ADF application. ?An ear file don't need to contain java source files, but is can.
Sure you can create an ear without the source files. You define what goes into the ear yourself (source files are normally not included). The deployment descriptor you used to create the ear defines what file (contributors) are in the ear. Check the applications deployment descriptor and change it in a way that the sources are not included.
Timo -
Conversion of class files to source codes
I was informed that it is possible to convert class files back to the java sourcs codes from where those are generated. How can I protect my source codes from illegal copying by others ?
hai ,
yes it is possible to convert class file into source code. there is a software called jad.exe available in the net
using witch u can convert class file into jar file. but i don't know how to protect the class file to avoid the illigal convertion. -
How to protect jsp source file
Hi everybody, i used the jsp language for developer a jsp program that will be run on a local machine e not on the web. Then i have to put the source code on different computer of different people. My question is how i can protect my source code in webapps directory and make that nobody can copy my souce code? There is a way for make this? i tried to download a program for protect a generic folder with a password but i think that is not the best way.
Thank youHi everybody, i used the jsp language for developer a
jsp program that will be run on a local machine e
not on the web. Then i have to put the source code on
different computer of different people. My question
is how i can protect my source code in webapps
directory and make that nobody can copy my souce
code? There is a way for make this? i tried to
download a program for protect a generic folder with
a password but i think that is not the best way. You don't have to put the JSP everywhere. You need to provide the URL to the deployment on your machine. That way, others would be able to use the JSP but not see the code.
Maybe you are looking for
-
What was fixed in Contribute 4?
Blogs, schmogs! How lame. More importantly, what kinds of fixes does Contribute 4 provide a user of Contribute 3.1?
-
I have made a bootable copy of OS 10.6.8 onto an external G-drive from my 2007 24" iMac with success. I can't boot up my my new 2013 imac that has Mavericks installed. Any suggestions?
-
Photoshop CS4+ please help download
I need to edit a resume template I purchased thats saved as a PSD file. I downloaded photoshop CC but I was told I needed CS4 to edit the resume text. Can someone please tell me what is CS4 and how can I download it? Is it an extension of Photoshop
-
When I install a media server on a host ,sucessed to comptele the installtion ,when I open the ob ,can't open .I manuly run the obtool in the command,tell me "failed to read configration data ,failed to validate certificate".how this mean ?
-
Hello friends, We are having problems when assigning a bank account to a vendor in transaction FK01. We are migrating from another system which has settings for country specific checks for bank accounts (trx OY17) . In theory, this means that for DE,