Re: Encrypting/Protecting JSP/Struts source code

Tue, 17 Jan 2006 07:47:41 -0800

In the tomcat workflow, JSPs are first compiled to java source code, and then compiled a servlet class. Pre-compiling takes care of this before deployment. I believe there's an Ant task to do this for you. In the end, all the JSPs and java classes are in compiled binary form that's harder although not impossible for a less than honorable admin to reverse engineer.
One of the benefits to this is there is no delay on the first request to a JSP because the server is compiling it. That's a big plus even if you aren't concerned with releasing source code. 

--David

Tom Burke wrote:


Thanks for this tip. I am not the developer, merely an in-house 
administrator who is having an interesting year learning Tomcat & 
MySQL...


Can I ask for some more clarification, please? You say

"If you're referring to your JSPs, you can precompile them and release 
everything

as servlets."


Well, the JSPs are among the things I am referring to. Showing my 
ignorance, is a 'pre-compiled' file a binary file? And how would we 
deploy these onto a server?


Tom


----- Original Message ----- From: Caldarale, Charles R
To: Tomcat Users List
Sent: Tuesday, January 17, 2006 3:25 PM
Subject: RE: Encrypting/Protecting JSP/Struts source code



From: Tom Burke [mailto:[EMAIL PROTECTED]
Subject: Encrypting/Protecting JSP/Struts source code

It's suddenly become clear to my company that when we deploy
a WAR on a customers' site, the source code is completely
visible to anyone who has access to the server's drives, and
this is belatedly causing some concern.



Why are you putting your source code in the .war files?  If you're
referring to your JSPs, you can precompile them and release everything
as servlets.  There are also a variety of cource/class file obfuscators
available for the truly paranoid (try Google).

- Chuck



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to