If you control the servers on which the code is being deployed, you should probably be taking other steps than encryption.
If you *don't* control the servers, you cannot stop someone decrypting your code - sooner or later, it will have to be decrypted for Tomcat to use it. Therefore you will have to give those servers the key to decrypt the code. Javascript that will be sent to a browser is always available "in the clear", as the browser must be able to use it. You should assume that if a stream of bytes ever gets served out of a web server, it's gone out of the server's control and could be copied. However, you can still sort-of protect your code. At least one company has posted here that they have a Java compiler that compiles Tomcat + webapps + JVM to one big native code executable. You *could* buy a license to that technology and use it. I assume it's not cheap. - Peter 2010/1/20 Kranti™ K K Parisa <kranti.par...@gmail.com> > Hi, > > Is there any way that we could encrypt the war file that is getting > deployed > into tomcat? > > or can we make war files or jar files as native code files like dll files > or > so. > > the objective is to safe guard the code inside the war file (javascript, > jsp, .class files)..etc > > > Best Regards, > Kranti K K Parisa >
