WebApp Sec mailing list archives
Re: HTML/Java Protection
From: Yousef Syed <yousef.syed () gmail com>
Date: Tue, 20 Sep 2005 20:41:50 +0100
If you are really concerned, you're better designing your Applet to call code on the Server, or see if you can use a standard JSP/Servlet solution. That will allow you keep your security related code private, while leaving a publically accessible interface. As others have stated, obfuscation can be circumvented; therefore leave a minimal amount of security related code on your applet. ys On 20/09/05, Antoine Martin <antoine () nagafix co uk> wrote:
By definition the applet code runs on the client, so you simply cannot stop people from downloading it! Any kind of obfuscation/protection is doomed. If you can run it, you can trace it and decompile it. Antoine On Mon, 2005-09-19 at 17:01 +0000, confusionvalley () netcabo pt wrote:Hello all, I'm currently developing a Java applet and i want to protect the .class from being downloaded. It's very easy to download the .class file..just check the HTML code and get the class name wich will be loaded..then with a download program you can get the class file and decompile it to get the source code. The real objective is to protect the source code from the html and not so grabbers. Any idea to protect the html/java? Best regards, Nuno
-- Yousef Syed
Current thread:
- HTML/Java Protection confusionvalley (Sep 19)
- Re: HTML/Java Protection Peter Conrad (Sep 20)
- Re: HTML/Java Protection Roshen Chandran (Sep 20)
- Re: HTML/Java Protection Mark Quinn (Sep 20)
- Re: HTML/Java Protection Antoine Martin (Sep 20)
- Re: HTML/Java Protection Yousef Syed (Sep 20)
- Re: HTML/Java Protection Peter Conrad (Sep 20)