----- Original Message -----
From: "Jeng Yu" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Friday, October 24, 2008 12:28 PM
Subject: Obfuscating a Servlet
Hi All,
I just wanted to know if I can first obfuscate my servlet
with ProGuard before I deploy it in a Tomcat environment.
Will doing this really protect my servlet and make it
really difficult for someone to reverse engineer or
decompile it, as people seem to say?
Thank you.

Hi Jeng,
Yes it does, it can be reverse engineered and you can try it yourself, it's
still there but where something was "StoreNames" is now just "a".
If they are determined enough they will reverse engineer it, but on a large
project it's not easy to understand at all.
Put it this way, on large projects, I can reverse engineer it and make it
run, but even though I wrote the code, I can't follow it anymore ;)
I do it on very large projects but for a different reason, it optimizes the
code, and makes it smaller, sometimes the size savings are very good, half
the size, good.
It's an art, you have to play... include all the TC libs, in the LIB section
as well as the JRE, not the main section, this tells ProGuard not to mess
with the interfaces.
Run it and see what breaks, if it does it means you may have to keep
additional functions, and you must test really really well.
This is because ProGuard can guess wrong, because of things like late
binding, introspection etc, ProGuard is damn good but there are some things
it just can't guess.
So the answer is yes, it works, but it's not just a util that you run without
thinking... by the time you are done, you are really going to understand
your code, and will probably change the structure a few times, so that it
optimizes well.
Obfuscating makes it difficult to follow but more important is that it
teaches you about the code, for example it may throw out a whole library or
part of one, that you thought you needed but didn't... you will spend hours
on it, but on large jobs it's worth it...
Obfuscating is not a replacement for security, like hiding passwords in
the code, that's a different technology.
Obfuscating is more about optimizing download sizes, than stopping hackers,
that's why we use it.
Have Fun....
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
---------------------------------------------------------------------------
If you can't pay in gold... get lost...
http://coolharbor.100free.com/debt/usadebt.htm
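
A ProGuard configuration along the lines the reply describes, added here as an illustration and not taken from the thread: only the servlet jar is an input, the JRE and Tomcat jars go in the library section so their interfaces are left alone, and keep rules cover classes that are loaded by name or through introspection. The jar names, the Tomcat path and the com.example package are assumptions.

```proguard
# Added example; paths and package names are placeholders, not from the thread.

# Main section: only your own classes are shrunk, optimized and renamed.
-injars  build/myservlet.jar
-outjars build/myservlet-obf.jar

# Library section: read for reference only, never modified or renamed.
# rt.jar applies to Java 8 and earlier JREs.
-libraryjars <java.home>/lib/rt.jar
-libraryjars /path/to/tomcat/lib/servlet-api.jar
-libraryjars /path/to/tomcat/lib/jsp-api.jar

# Tomcat instantiates servlets, filters and listeners by the class names
# written in web.xml, so those names must survive obfuscation.
-keep public class * implements javax.servlet.Servlet
-keep public class * implements javax.servlet.Filter
-keep public class * implements javax.servlet.ServletContextListener

# Late binding and introspection: classes reached only via Class.forName or
# JavaBean property access from JSPs are invisible to ProGuard's analysis,
# so they are kept explicitly (com.example.beans is a hypothetical package).
-keep public class com.example.beans.** {
    public void set*(***);
    public *** get*();
    public boolean is*();
}

# Serializable session attributes need their serialization members intact.
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
}

# Keep line numbers for stack traces and save the name mapping so an
# obfuscated trace can be translated back with ReTrace.
-keepattributes SourceFile,LineNumberTable
-printmapping build/proguard.map
```

The mapping file written by -printmapping restores the original names, so it belongs with the build artifacts and not in the deployed web application.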