  • security about .class information

    Hello guys

    I have a huge doubt; maybe some friendly member can help.

    My friend gave his .war application, with all the necessary files (.css, .jsp, .class, etc.),
    to the company he works with, on a contract.

    The company had a situation in which a bad user stole the undeployed .war (the application folder, of course). He was caught, and now I think he is in jail.

    The company is afraid about security,
    in the sense of the source code. The application of course does not have the .java files, but it does have the .class files.

    There are rumors about some programs that can generate the .java from the .class, something like that.

    The question is:
    is there some tool that can avoid this,
    in the sense that
    once I create my .class, another person can't generate the .java from them?

    Thanks in advance

  • #2
    there are rumors about some programs that can generate the .java from the .class, something like that
    That isn't a rumor; those tools are widely available. The most well-known one is jad.

    is there some tool that can avoid this
    No. There are tools which can make it difficult by obfuscating your code (i.e. renaming your classes and methods), but that's it.



    • #3
      Hi Marten

      Thanks for the reply.

      the most well-known one is jad.
      OK

      There are tools which can make it difficult by obfuscating your code (i.e. renaming your classes and methods), but that's it.
      Any suggestions from your experience with a tool like this?

      regards



      • #4
        Originally posted by dr_pompeii
        Any suggestions from your experience with a tool like this?
        Haven't worked with those tools. However, Google should be helpful. Use java, obfuscation/obfuscating as keywords and you should get some hits.



        • #5
          thanks Marten

          tell me, how do you protect your code?

          regards

          funny
          http://forum.java.sun.com/thread.jsp...712642&start=0
          Last edited by dr_pompeii; Oct 26th, 2007, 03:56 PM.



          • #6
            We currently use yGuard. You can still JAD the files though. If you are working with XML configuration you are also going to have to preserve class and method names.



            • #7
              Hi Karl

              If you are working with XML configuration you are also going to have to preserve class and method names.
              Yes, that's the weak part, to avoid pain with Spring and the log report part.

              I need your help
              java -jar yguard.jar
              Usage java -jar yguard.jar logfile.xml[.gz] [-pipe] [name]
              Karl, please, can you share your XML configuration?

              I see a lot of options in the documentation page and it is confusing.

              Thanks in advance



              • #8
                We do something like this.
                Code:
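                	<!-- yGuard obfuscation task definition -->
                	<taskdef name="obfuscate" classname="com.yworks.yguard.ObfuscatorTask" classpath="${yguard.home}/lib/yguard.jar"/>

                		<echo>Obfuscating the code</echo>
                		<!-- The log file records the mapping from original names to obfuscated names -->
                		<obfuscate logfile="${build.dir}/obfuscation-log.xml" conservemanifest="true" replaceclassnamestrings="true">
                			<property name="language-conformity" value="compatible"/>
                			<!-- Keep public and protected classes, methods and fields under their original names -->
                			<expose>
                				<class classes="protected" methods="protected" fields="protected"/>
                			</expose>
                			<!-- Input jar and the obfuscated jar that is written from it -->
                			<inoutpair in="${build.dist}/${ant.project.name}.jar" out="${build.extension}/private/${ant.project.name}.jar"/>
                			<!-- Classes the jar depends on, so references to them can be resolved -->
                			<externalclasses refid="build.classpath"/>
                		</obfuscate>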



                • #9
                  Basically you are going to have to preserve public class names and also method names, otherwise you'll have problems.
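
Added example (not code from any poster in this thread): why the names discussed above are recoverable at all. A .class file stores class, method and field names as plain UTF-8 entries in its constant pool, so any name an obfuscator is told to preserve stays readable while a renamed one does not. The package, class and method names and the sample bytes are constructed, and the sample stops after the constant pool.

```python
import struct

# Payload size in bytes of every fixed-width constant-pool tag (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def readable_names(data: bytes) -> dict:
    """List the class names and other UTF-8 constants a .class file carries."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    utf8, class_refs, pos, idx = {}, [], 10, 1
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes of the name
            (n,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag == 7:  # CONSTANT_Class: index of the Utf8 entry with its name
                class_refs.append(struct.unpack_from(">H", data, pos)[0])
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long and double occupy two slots
    classes = [utf8[i].replace("/", ".") for i in class_refs if i in utf8]
    others = [s for i, s in utf8.items() if i not in class_refs]
    return {"classes": classes, "other_strings": others}

def build_sample(class_name: str, member: str) -> bytes:
    """Constructed input: class-file header plus a 4-entry constant pool only."""
    def utf8(s):
        b = s.encode()
        return b"\x01" + struct.pack(">H", len(b)) + b
    pool = b"\x07" + struct.pack(">H", 2) + utf8(class_name) + utf8(member) + utf8("()V")
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 5) + pool

# Constructed names: the class as compiled, and the same class after a rename
# pass that keeps the public class name but renames a private method.
ORIGINAL = build_sample("com/example/billing/InvoiceService", "calculateDiscount")
RENAMED = build_sample("com/example/billing/InvoiceService", "a")

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("renamed", RENAMED)):
        print(label, readable_names(blob))
```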