tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <>
Subject Re: War file encryption
Date Wed, 20 Jan 2010 13:33:19 GMT
If you control the servers on which the code is being deployed, you should
probably be taking other steps than encryption.

If you *don't* control the servers, you cannot stop someone decrypting your
code - sooner or later, it will have to be decrypted for Tomcat to use it.
Therefore you will have to give those servers the key to decrypt the code.

Javascript that will be sent to a browser is always available "in the
clear", as the browser must be able to use it.  You should assume that if a
stream of bytes ever gets served out of a web server, it's gone out of the
server's control and could be copied.

However, you can still sort-of protect your code.  At least one company has
posted here that they have a Java compiler that compiles Tomcat + webapps +
JVM to one big native code executable.  You *could* buy a license to that
technology and use it.  I assume it's not cheap.

- Peter

2010/1/20 Krantiā„¢ K K Parisa <>

> Hi,
> Is there any way that we could encrypt the war file that is getting
> deployed
> into tomcat?
> or can we make war files or jar files as native code files like dll files
> or
> so.
> the objective is to safe guard the code inside the war file (javascript,
> jsp, .class files)..etc
> Best Regards,
> Kranti K K Parisa

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message