Jackson Ching wrote:
> Hi,
>
> Correct me if i'm wrong, Since class file can be decompiled, and servlets
>are on server side, wouldn't it be dangerouse if your servlets can be decompiled by
>hackers (they can know your codes).
>
> Is there a way for your class files not to be reverse engineered?
>
Being able to decompile a class file presumes that you can read the bytecodes of the
class file, right?
The recommended placement for class files in a web application is the WEB-INF/classes
or WEB-INF/lib directory in a web application based on the servlet 2.2 or later
specification. There is an additional
requirement in this spec -- the servlet container is not allowed to serve any file
under WEB-INF in response to a client request. Therefore, your putative hacker cannot
get ahold of the bytecodes of your
servlets (unless you happen to store them someplace else in your document root, which
would be a "bad thing"), and they can therefore not decompile your classes.
>
> Jack
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
