Hi Craig, Thanks for taking the time to reply.
Yes, the plan is to distribute the WAR file to the customer. I did try obfuscating it with "RetroGuard" but then I decompiled it with "JAD" and noticed that the method names and such changed but for the most part it still seemed readable. Yes, you are correct, they could always decompile my custom class loader and find out where the jar file is coming from. I guess, I just have to obfuscate and hope they won't decompile it. No other way? Can you elaborate on this: "but I believe that in most cases there are much more important things to be worried about than fear that someone is going to steal all your ideas by decompiling the classes." thanks. On Mon, 13 Sep 2004 09:33:14 -0700, Craig McClanahan <[EMAIL PROTECTED]> wrote: > Are you distributing the WAR file to your customer, or does your > customer just run the app on your server? > > In the former case, the only way to do this would be to modify the > customer's servlet container; something they would be very unlikely to > let you do. In the latter case, the user can't download the classes > anyway (everything in /WEB-INF is protected from being accessed by the > client), so you don't need to worry about it. > > Personally, the absolute most I would ever do if I were worried about > decompiling is to run a code obfuscator -- but I believe that in most > cases there are much more important things to be worried about than > fear that someone is going to steal all your ideas by decompiling the > classes. > > Craig > > PS: Of course, even if you could convince your customer to let you > modify their container in this way, and even if the customer was > willing to run the app only on a server connected to the Internet so > they could download the "real" JAR file, nothing is going to stop the > user from accessing the JAR file directly and decompiling it if they > want to :-). > > > > > On Mon, 13 Sep 2004 08:31:52 -0700, G Q <[EMAIL PROTECTED]> wrote: > > Hi, > > > > This might be OT but I would appreciate any help. > > > > The scenario I have is as follows: > > The application jar file is located on a remote server. When tomcat > > starts up, I would like to make a URL connection to the remote server > > and download the latest jar file and use that instead of actually > > placing the jar file in the WEB-INF/lib/ directory or distribute it via the war. > > > > This way, I believe I would be preventing the class files being > > decompiled and also if there are any updates to the jar, there will be > > a central location for updates. > > > > Question: > > 1. How do other people implement this? > > 2. Can I extend the webappclassloader and implement this functionality? > > > > Would appreciate any url or article or help on this topic. > > > > thanks. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
