Re: Securing Tomcat Applications from Reverse Engineering
Hi, Thanks for the info I shall take a look at the new licensing link you have sent. Best Regards, Kranti K K Parisa On Fri, Jan 22, 2010 at 11:17 AM, Dmitry Leskov dles...@excelsior-usa.comwrote: To list owner: I am not sure if vendors are prohibited from posting comments to this list, if they are, let me know and I won't post next time. Excelsior JET is not an IDE that every developer must have on his/her workstation. It is more like a setup generator. Typically, a team of developers working on a particular project would purchase one or two licenses. As a result, the smaller the team, the higher is the price per developer. For small companies, especially for early stage startups that do not yet have paying customers, this surely may be a deal breaker. We have therefore created a special licensing program that has been working very well for our smaller customers since mid-2008: http://www.excelsior-usa.com/store/jetmb.html Please do not hesitate to email me directly if you have any questions. Sincerely, Dmitry Leskov Excelsior LLC P.S. The main information page for Tomcat Web apps protection is http://www.excelsior-usa.com/protect-java-web-applications.html Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti (tm) K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Re: Securing Tomcat Applications from Reverse Engineering
On Thu, Jan 21, 2010 at 03:02:41PM +, Peter Crowther wrote: 2010/1/21 Mark H. Wood mw...@iupui.edu Reverse engineering is not a technical problem; it is a legal problem. You need a lawyer, not a program. Mmm, yes and no. Burglary is also a legal problem, but I have locks (on / around the things I want to keep, of a cost and quality appropriate to my expected loss) as well as being able to engage a lawyer if required. The analogy is imprecise. If you lease a house to someone, you have no feasible technical means to control who enters your house -- the lessee possesses a key and can let in anyone he pleases. But you could write a lease which constrains the set of people lessee is permitted to allow in. (Dunno why, but you could.) The house would be useless to lessee without a key. Similarly a program, distributed to a user, would be useless unless an intelligible version can be loaded or derived by the user's equipment. But if the user's equipment can load or derive an intelligible version of the program, the program can be reverse-engineered. That's why software licenses almost always contain specific language about reverse engineering. In both cases the owner has *necessarily* given up technical control of the property, and can only exert control through legal means. You can't stop people abusing property that you hand over to them, but you may be able to punish them if they do. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Friends don't let friends publish revisable-form documents. pgpQk69NLchSH.pgp Description: PGP signature
Re: Securing Tomcat Applications from Reverse Engineering
Do you develop web applications and deliver them to the client, so that they can install your applications on their machines without your access to the machine? Leon 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com: Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Looking forward to hear some ideas for this. http://www.excelsior-usa.com/jetinternals.html Best Regards, Kranti K K Parisa - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. That's the company I was aware of; I'm not aware of anyone else who has developed similar technology. No application is ever 100% secure from reverse engineering. So, you have a business decision to take. How good is good enough protection for your application? Who are you defending against, and what kind of effort are you assuming they're willing to put into the reverse-engineering? As pointed out by another poster, you can compile JSPs to classes and you can obfuscate your code. Is that good enough? - Peter
Re: Securing Tomcat Applications from Reverse Engineering
Kranti™ K K Parisa wrote: Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Hi. Open Source software is very nice. But some developers have to make money to live, also. Presumably, if the above product is expensive, it is because it is complex and took a lot of time to develop. Nobody is stopping you from inventing and developing your own method, and you can then also decide to release it as open source or charge for it what you think is the right price. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Securing Tomcat Applications from Reverse Engineering
http://proguard.sourceforge.net/ -Original Message- From: Kranti(tm) K K Parisa [mailto:kranti.par...@gmail.com] Sent: Thursday, January 21, 2010 5:05 AM To: Tomcat Users List Subject: Securing Tomcat Applications from Reverse Engineering Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Looking forward to hear some ideas for this. http://www.excelsior-usa.com/jetinternals.html Best Regards, Kranti K K Parisa - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Joseph Morgan wrote: http://proguard.sourceforge.net/ -Original Message- From: Kranti(tm) K K Parisa [mailto:kranti.par...@gmail.com] Sent: Thursday, January 21, 2010 5:05 AM To: Tomcat Users List Subject: Securing Tomcat Applications from Reverse Engineering Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. How much is it worth to you to protect your IP against your estimate of the likely hacker effort to steal it (which only you can judge)? Is it more than the cost of that package? If so, then that package is reasonably priced. If not, then you need to pursue some of the other avenues to protect it that have already been mentioned, such as obfuscation, etc. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Reverse engineering is not a technical problem; it is a legal problem. You need a lawyer, not a program. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Friends don't let friends publish revisable-form documents. pgpRmc02QIJYG.pgp Description: PGP signature
Re: Securing Tomcat Applications from Reverse Engineering
Hi Leon, That's correct. we develop and deploy on client machines. but we want to secure the code. please suggest. Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 4:45 PM, Leon Rosenberg rosenberg.l...@googlemail.com wrote: Do you develop web applications and deliver them to the client, so that they can install your applications on their machines without your access to the machine? Leon 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com: Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Looking forward to hear some ideas for this. http://www.excelsior-usa.com/jetinternals.html Best Regards, Kranti K K Parisa - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Re: Securing Tomcat Applications from Reverse Engineering
2010/1/21 Mark H. Wood mw...@iupui.edu Reverse engineering is not a technical problem; it is a legal problem. You need a lawyer, not a program. Mmm, yes and no. Burglary is also a legal problem, but I have locks (on / around the things I want to keep, of a cost and quality appropriate to my expected loss) as well as being able to engage a lawyer if required. - Peter
Re: Securing Tomcat Applications from Reverse Engineering
Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Hi Kranti - Honestly if the ideas in the product are that valuable anyone who uses the product with a web browser, print screen, and paint can fully mock up the application and send the mockups to development. Anything that is deployed on a server that is out of your control, is exactly that. I understand your need as: To remotely deploy a tomcat application to a customer server. This is the root of the issue. Have you considered a hosted model for delivery? 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Hello Kranti, first of all I strongly believe in open source software and don't like to obfuscate things. But well. 1. If you have internet connectivity on the target server you could only deploy a skeleton of your application and load the protect-worthly classes directly from your servers with own classloading with some funny remoteid exchange system. This way even the compile version of the application will never be directly available on customers hard drive (you must consider swapping and memory snapshots, but modern OSes encode them). It's cheap but will probably add a load of complexity, which you have to manage and, logically, your customer have to pay. 2. precompile jsps and use a code obfuscator on the jsps and compiled classes (they replace all private methods and variables with a1,a2, and so on). There are some on the market, more or less good. Use also css/js minifier, they obfuscate as well. 3. create a genial encryption algorithm with some one-time passwords and let the customers call you each time they restart the server for a new password. Maybe charge them per password. The server can then decrypt the classes with the password before it starts the webapp. 4. put the code and tomcat onto a usb stick with unreadable filesystem and hack yourself into the usb protocol. Drawback: you'll have to patch the browsers to accept urls like usb://localhost/yourapp. 5. stop wasting your time and invest it into developing new features and actually selling your product. If its worth copying it will be copied this way or other. So far no one has managed to protect its software against copying, better concentrate on things you really CAN achieve. regards Leon 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com: Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Securing Tomcat Applications from Reverse Engineering
André - Welcome to the world of small business, for-profit software development. This is a more common attitude that you might be aware. Jeff -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, January 21, 2010 5:31 AM To: Tomcat Users List Subject: Re: Securing Tomcat Applications from Reverse Engineering Peter Crowther wrote: 2010/1/21 Kranti(tm) K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
On 21/01/2010 16:24, Leon Rosenberg wrote: 5. stop wasting your time and invest it into developing new features and actually selling your product. If its worth copying it will be copied this way or other. So far no one has managed to protect its software against copying, better concentrate on things you really CAN achieve. regards Leon I agree with this statement. Legal issues aside, you can expend significant time and effort on protecting your code and a competitor can just copy the style, workflow and application logic with probably about as much effort as it would take to decompile the byte code, tidy it up get their devs to understand how it works. In fact, the latter would probably be *more* effort, and you can't use technical means to defend against the former. If you're really paranoid about your code, don't let it out of your control, run your app as a hosted service, (as previously suggested). As Leon says: focus your efforts on making a truly great product and let other people worry about keeping up with you. p On Thu, Jan 21, 2010 at 5:00 PM, André Warniera...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisakranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Securing Tomcat Applications from Reverse Engineering
To list owner: I am not sure if vendors are prohibited from posting comments to this list, if they are, let me know and I won't post next time. Excelsior JET is not an IDE that every developer must have on his/her workstation. It is more like a setup generator. Typically, a team of developers working on a particular project would purchase one or two licenses. As a result, the smaller the team, the higher is the price per developer. For small companies, especially for early stage startups that do not yet have paying customers, this surely may be a deal breaker. We have therefore created a special licensing program that has been working very well for our smaller customers since mid-2008: http://www.excelsior-usa.com/store/jetmb.html Please do not hesitate to email me directly if you have any questions. Sincerely, Dmitry Leskov Excelsior LLC P.S. The main information page for Tomcat Web apps protection is http://www.excelsior-usa.com/protect-java-web-applications.html Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti (tm) K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Securing Tomcat Applications from Reverse Engineering
The GCC compiler for java allows you to compile java down to native code (AOC - Ahead Of time Compiling). I have never tried it before but it's open source and free to use. That being said I'm not certain that compiling your class files down to native code is going to solve your problem since java web apps are dependent on the class files generated by your application. Unless I'm missing out on some functionality of Tomcat that I'm aware of I think your best bet is obfuscation. Travis Beech -Original Message- From: KrantiT K K Parisa [mailto:kranti.par...@gmail.com] Sent: Thursday, January 21, 2010 3:05 AM To: Tomcat Users List Subject: Securing Tomcat Applications from Reverse Engineering Hi, Can anyone throw some light on this topic, seems it is possible to convert the tomcat+tomcat web applications to native code to secure them and further to run them on client machines easily. Please check this. http://www.excelsior-usa.com/jetinternals.html How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Looking forward to hear some ideas for this. http://www.excelsior-usa.com/jetinternals.html Best Regards, Kranti K K Parisa - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Hi Leon, Thanks for the notes, may be parallel to our sales we may spend some time on the points you mentioned to protect our selves in the future. Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 9:54 PM, Leon Rosenberg rosenberg.l...@googlemail.com wrote: Hello Kranti, first of all I strongly believe in open source software and don't like to obfuscate things. But well. 1. If you have internet connectivity on the target server you could only deploy a skeleton of your application and load the protect-worthly classes directly from your servers with own classloading with some funny remoteid exchange system. This way even the compile version of the application will never be directly available on customers hard drive (you must consider swapping and memory snapshots, but modern OSes encode them). It's cheap but will probably add a load of complexity, which you have to manage and, logically, your customer have to pay. 2. precompile jsps and use a code obfuscator on the jsps and compiled classes (they replace all private methods and variables with a1,a2, and so on). There are some on the market, more or less good. Use also css/js minifier, they obfuscate as well. 3. create a genial encryption algorithm with some one-time passwords and let the customers call you each time they restart the server for a new password. Maybe charge them per password. The server can then decrypt the classes with the password before it starts the webapp. 4. put the code and tomcat onto a usb stick with unreadable filesystem and hack yourself into the usb protocol. Drawback: you'll have to patch the browsers to accept urls like usb://localhost/yourapp. 5. stop wasting your time and invest it into developing new features and actually selling your product. If its worth copying it will be copied this way or other. So far no one has managed to protect its software against copying, better concentrate on things you really CAN achieve. regards Leon 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com: Well there are soo many comments on the cost of IP and other tools. when we are a small team started working on a web based product with open source tools, for sure we can't spend too much on the tools to protect the IP rights. because once we deploy for few clients, if its a good product, what if they steal the code and also ideas. i agree to have legal terms and all that stuff. but that would be a big story for us being small. so just wanted to see if anything available to protect our work, ideas (ideas at code implementation level by using different opensource technologies, well there are many companies who started like this). anyways thanks for the comments, i would love to share if we invent anything in this process, because small is big and it matters :) Best Regards, Kranti K K Parisa On Thu, Jan 21, 2010 at 5:00 PM, André Warnier a...@ice-sa.com wrote: Peter Crowther wrote: 2010/1/21 Kranti™ K K Parisa kranti.par...@gmail.com How could we achieve this without the above tool? Because the pricing of the above tool is very costly. Well, you could always spend the developer-years to create your own version of that tool... which would probably be *more* costly. I'll add something to that, just for the sake of it. I personally find this situation ironic : here we have someone who wants to protect their own code, presumably so that they can charge the customer for a copy of it, in order to get back their cost of development and some justified profit for their work. But the same people are apparently unwilling to pay for a product that would allow them to do so, and is sold on the same terms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing Tomcat Applications from Reverse Engineering
Dmitry Leskov wrote: We have therefore created a special licensing program that has been working very well for our smaller customers since mid-2008: http://www.excelsior-usa.com/store/jetmb.html To the OP : there, you see, a discount ! And you did not even have to ask. ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org