WebApp Sec mailing list archives
Re: Obfuscation of JSPs?
From: Dave Ockwell-Jenner <doj () solar-nexus com>
Date: Wed, 22 Dec 2004 14:13:12 -0500
Dean Saxe wrote:
Are you targeting a specific application server? If so, perhaps it supports a JSP pre-compiler and then you can obfuscate the compiled classes as you would any other class. Ship the pre-compiled classes in WEB-INF/classes and you're away - no need to ship the JSP source. Keep in mind that the pre-compiler (in general) can only target a specific container (and likely version). So don't expect to compile JSPs with JSPC in Tomcat 4 and deploy to WebLogic :-)I'm currently working on a project to do code obfuscation for a J2EE application. We've already identified DashO Pro to obfuscate class files, but I have been unable to find any similar technologies to apply to JSPs.My research has been a bust so far!What, if anything, are people using to obfuscate JSPs? [snip]
Other than that, I would be surprised if an obfuscator could be built for JSP, given that they must then be parsed and compiled into bytecode by the application server.
-- Dave Ockwell-Jenner Solar Nexus Solutions http://www.solar-nexus.com/
Current thread:
- Obfuscation of JSPs? Dean Saxe (Dec 22)
- Re: Obfuscation of JSPs? Dave Ockwell-Jenner (Dec 23)
- Re: Obfuscation of JSPs? Alexander Klimov (Dec 23)
- <Possible follow-ups>
- RE: Obfuscation of JSPs? Burke, Charles (Dec 30)