Thanks to all who responded to this request yesterday. I'm now a lot
clearer about what we are distributing, and what measures it's sensible
for us to take. We have decided to obfuscate the .classes files as they
are produced, and not worry about the jsp files: it's the java code (the
.classes files) that's the key to the application. That should increase
the degree of comfort we feel, while still allowing us to enjoy speedy
WAR construction and smaller WAR sizes. We reached the view that
pre-compiling the .jsp files would be time-consuming & would result in
much bigger file sizes.
Tom Burke
----- Original Message -----
From: Tom Burke
To: Tomcat Users List
Sent: Tuesday, January 17, 2006 3:18 PM
Subject: Encrypting/Protecting JSP/Struts source code
My company is has developed and is now marketing/selling a
line-of-business TSP/Tomcat application which we sell to corporate
customers to runs on their servers in their intranets.
It's suddenly become clear to my company that when we deploy a WAR on a
customers' site, the source code is completely visible to anyone who has
access to the server's drives, and this is belatedly causing some
concern. Obviously there are clauses in our license that formally
protect our intellectual property and at a corporate level we are
relaxed, but my boss is quite concerned about the delinquent
administrator who simply downloads & walks away with the code.
Is there any way in which the deployed WAR file, and all the files that
explode out of it, can be hidden/encrypted/protected on the server,
while still allowing them to be executed by Tomcat? The app is almost
completely JSP/Struts, there is hardly any HTML at all (if any in fact).
Tom Burke
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
