cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <and...@objectstyle.org>
Subject Re: Code obfuscation and the model
Date Mon, 06 Jun 2016 16:06:53 GMT
Looks like you have quite a lot of experience with obfuscation :)

> Semi-related question: does the client need to include the model xml in its jar, or does
only the server need the xml since only the server actually talks to the DB?

Only server needs the XML. Client needs parts of the model to operate, but it obtains it over
the wire from the server.

Andrus

> On Jun 6, 2016, at 6:34 PM, Adam Boyle <aboyle@valsphere.com> wrote:
> 
> More than likely we want to obfuscate both client and server. Our current thinking is
to use concepts in the Modeler jar file to load the XML, perform the renames (via the event
structure you have in there), save a separate model xml file, then figure out how to incorporate
it into our project all as part of specific build goals when we want to build a production
set of artifacts. Once the obfuscated xml is generated we should be able to remap references
to the DAOs using existing tools such as those used as part of the process to decompile/deobfuscate
the Minecraft jar file using the Forge Mod Development Kit, something that we have some experience
with.
> 
> 
> If we come up with a working solution, we may be able to incorporate it into the existing
cayenne maven plugin or make a new plugin with just that purpose, so we'll let you know what
we come up with, although it may only be a subset of a full obfuscation solution as there
are some object types we aren't using such as Embeddables and Queries (so far).
> 
> 
> Semi-related question: does the client need to include the model xml in its jar, or does
only the server need the xml since only the server actually talks to the DB?
> 
> 
> -Adam
> 
> ________________________________
> From: Andrus Adamchik <andrus@objectstyle.org>
> Sent: Monday, June 6, 2016 9:16:28 AM
> To: user@cayenne.apache.org
> Subject: Re: Code obfuscation and the model
> 
> I don't have any real life examples, but maybe we can brainstorm something.
> 
> Are you obfuscating just the client, or the server as well?
> 
> Andrus
> 
>> On Jun 3, 2016, at 9:15 PM, Adam Boyle <aboyle@valsphere.com> wrote:
>> 
>> Have any of you ever had to tackle the problem of obfuscating a project that uses
Cayenne? I'm looking to find a way to be able to obfuscate a Cayenne ROP project and I'm hoping
that we're not the first to attempt this.
>> 
>> 
>> Our thinking is that we would write a utility/maven plugin to obfuscate the project
XML, generate the classes/DB, use a custom remapping utility to fix up any code references,
then use Proguard/whatever to obfuscate the remaining code.
>> 
>> 
>> Thanks in advance for any advice you can provide!
>> 
>> -Adam
> 


Mime
View raw message