
Articles on Java Security at the OWASP Java Project

Posted by: Stephen de Vries on October 23, 2006
The OWASP Java Project was launched a few months ago with the goal of providing security resources to the Java community. The project already has a number of articles that could be of use to those interested in building or deploying secure Java applications, including:

- Declarative Access Control in Java
- Hashing in Java
- How to add validation logic to HttpServletRequest
- How to perform HTML entity encoding in Java
- JAAS Timed Login Module
- JAAS Tomcat Login Module
- Java Security Resources
- Preventing LDAP Injection in Java
- Preventing SQL Injection in Java
- Securing Tomcat
- Using JCaptcha

Ideas or content for articles can be submitted to the wishlist or the project's roadmap.

Message #220789

how about code obfuscation

Posted by: shawn spencer on October 23, 2006 in response to Message #220764
If I run a product company and I don't want my clients to just decompile my code and start using it, how do I prevent that?
Is there any security I can apply on top of my source code so it's not decompilable?

I know there is obfuscation or a better licensing policy. Well, the latter doesn't really work in most cases, especially when I run a small company. But is obfuscation the only way?

Message #220845

Re: how about code obfuscation

Posted by: Mike Jasnowski on October 24, 2006 in response to Message #220789
If I run a product company and I don't want my clients to just decompile my code and start using it, how do I prevent that?
Is there any security I can apply on top of my source code so it's not decompilable?

I know there is obfuscation or a better licensing policy. Well, the latter doesn't really work in most cases, especially when I run a small company. But is obfuscation the only way?


This might be overkill, but I've used encrypted class files before, and a decrypting classloader.
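The encrypted-class-file approach Mike describes, as an added example (not code from the original thread or from the OWASP Java Project): a build step encrypts a class's bytecode with an AES key, and a custom ClassLoader decrypts it in findClass before handing the plaintext to defineClass. The Payload class, the in-memory map that stands in for the "encrypted jar", and the random per-run key are all constructed for this demo and are not anything the thread describes.

```java
import java.io.InputStream;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DecryptingLoaderDemo {

    // Constructed sample: the class whose bytecode gets encrypted. It must not
    // reference the outer class, so the decrypting loader can define it alone.
    public static class Payload {
        public String secretFormula(int x) { return "result=" + (x * 42 + 7); }
    }

    // Read a class's bytecode from the classpath (the "build step" input).
    static byte[] readClassBytes(Class<?> c) throws Exception {
        String resource = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) throw new IllegalStateException("no bytes for " + resource);
            return in.readAllBytes();
        }
    }

    // AES-GCM with a fresh 12-byte nonce prepended to the ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    // The loader the shipped product would contain. Note that it holds the key
    // and must pass plaintext bytecode to defineClass: both are in the JVM.
    static class DecryptingClassLoader extends ClassLoader {
        private final SecretKey key;
        private final Map<String, byte[]> encrypted;

        DecryptingClassLoader(SecretKey key, Map<String, byte[]> encrypted) {
            super(null); // bootstrap parent, so Payload is not found by delegation
            this.key = key;
            this.encrypted = encrypted;
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            byte[] blob = encrypted.get(name);
            if (blob == null) throw new ClassNotFoundException(name);
            try {
                byte[] plain = decrypt(key, blob);
                return defineClass(name, plain, 0, plain.length);
            } catch (Exception e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key: a real product would have to ship this with the loader.
        byte[] keyBytes = new byte[16];
        new SecureRandom().nextBytes(keyBytes);
        SecretKey key = new SecretKeySpec(keyBytes, "AES");

        // "Build step": encrypt the class and store it under its binary name.
        String name = Payload.class.getName();
        Map<String, byte[]> store = new HashMap<>();
        store.put(name, encrypt(key, readClassBytes(Payload.class)));

        // "Runtime": load through the decrypting loader and call it reflectively.
        ClassLoader loader = new DecryptingClassLoader(key, store);
        Class<?> loaded = loader.loadClass(name);
        Object instance = loaded.getDeclaredConstructor().newInstance();
        Object result = loaded.getMethod("secretFormula", int.class).invoke(instance, 1);
        System.out.println(result);                                  // result=49
        System.out.println(loaded.getClassLoader() == loader);       // true
        System.out.println(loaded != Payload.class);                 // true
    }
}
```

Compile with javac DecryptingLoaderDemo.java and run with java DecryptingLoaderDemo (Java 11 or later, for InputStream.readAllBytes). Two things visible in the code make this a speed bump rather than a barrier: the AES key has to be reachable by the loader, so it ships with the product, and decrypt() has to return plaintext bytecode to defineClass, so the unencrypted class is present in the JVM the moment it is loaded. It raises the bar over a plain jar, nothing more.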

Message #220892

Re: how about code obfuscation

Posted by: Attila Szegedi on October 25, 2006 in response to Message #220845
This might be overkill, but I've used encrypted class files before, and a decrypting classloader.


And how do you prevent your decrypting classloader from being decompiled?

Or better yet, how do you prevent it from being run in a JVM with a modified rt.jar on the boot class path where java.lang.ClassLoader.defineClass() is "customized" so it neatly dumps all bytecode it receives to a directory in the local filesystem?

Obfuscation and encryption are both quite futile. You can slow down a reverse engineering attempt, but you won't prevent it.

Message #220963

Re: how about code obfuscation

Posted by: shawn spencer on October 26, 2006 in response to Message #220892
This might be overkill, but I've used encrypted class files before, and a decrypting classloader.


And how do you prevent your decrypting classloader from being decompiled?

Or better yet, how do you prevent it from being run in a JVM with a modified rt.jar on the boot class path where java.lang.ClassLoader.defineClass() is "customized" so it neatly dumps all bytecode it receives to a directory in the local filesystem?

Obfuscation and encryption are both quite futile. You can slow down a reverse engineering attempt, but you won't prevent it.


So there is no real solution as such to protect your intellectual property if you build it and sell it in Java?

Message #220978

Re: how about code obfuscation

Posted by: Stephen de Vries on October 26, 2006 in response to Message #220963
No, I don't think there is an absolute method of protecting IP in a standalone Java application. But obfuscation will slow down the decompiling process.
Other alternatives are:
- Do the clever stuff on a server
- Do the clever stuff in native code
It all depends on how important the IP is to you, and how likely it is that someone would go to the trouble of stealing it.
