General discussion

  • Creator
    Topic
  • #2214267

    Code Obfustication or Code Security for a Java/J2EE Web Application

    Locked

    by rajesh.hagalwadi ·

    How to Ensure a Secure Build –Code Security more specifically called as Code obfustication—When we deploy a Jaa/J2EE (.war,.ear) web application at Client Site how to make sure of the security of code ,Is there any such standard Security Measures to ensure Code Security and Re-use from a Code Level or is it only that we sign some NDA/Agreement that code is not reusable and is our Intellectual Property.
    Any Inputs are appreciable.

All Comments

  • Author
    Replies
    • #2940812

      Obscurity is not security

      by tony hopkinson ·

      In reply to Code Obfustication or Code Security for a Java/J2EE Web Application

      What are you trying to secure.
      If it’s your apps, ie reading the code shows how insecure the code is, fix it, Obfuscation is a cop out.

      Your IP? Do it server side. Why should I use my resources to run your code when you won’t tell me what it does?
      Deobfuscation isn’t particulary hard anyway, anyone who calbale of using your IP to their benefit is capable of doing it.

Viewing 0 reply threads