tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <peter.crowt...@melandra.com>
Subject Re: Securing Tomcat Applications from Reverse Engineering
Date Thu, 21 Jan 2010 11:16:22 GMT
2010/1/21 Krantiā„¢ K K Parisa <kranti.parisa@gmail.com>

> Hi,
>
> Can anyone throw some light on this topic, seems it is possible to convert
> the tomcat+tomcat web applications to native code to secure them and
> further
> to run them on client machines easily.
>
> Please check this.
>
> http://www.excelsior-usa.com/jetinternals.html
>
> How could we achieve this without the above tool? Because the pricing of
> the
> above tool is very costly.
>
> Well, you could always spend the developer-years to create your own version
of that tool... which would probably be *more* costly.  That's the company I
was aware of; I'm not aware of anyone else who has developed similar
technology.

No application is ever 100% secure from reverse engineering.  So, you have a
business decision to take.  How good is "good enough" protection for your
application?  Who are you defending against, and what kind of effort are you
assuming they're willing to put into the reverse-engineering?

As pointed out by another poster, you can compile JSPs to classes and you
can obfuscate your code.  Is that "good enough"?

- Peter

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message