5

This may be a conceptual question, so forgive if it's in the wrong place. My idea is that I don't want anyone to reverse engineer my .war file, or the inside .jar files at any rate. So, I can encrypt them and secure them with a password. Then, in order to deploy them, a client would have to pick a hosting service and upload the war file to them, such as I do for heroku.com. Once the encrypted war file is there, then the hosting service could allow me to set the password and thus install the war. In this manner, nobody but the hosting service ever has access to the un-encrypted files.

Has anyone heard of anything like this, or something that accomplishes the same purpose?

NicholasKarl
  • 253
  • 3
  • 12
  • If you can't find an answer here, I'd consider asking http://security.stackexchange.com/ Although I don't think there is any harm in asking here. – turbo Dec 10 '13 at 15:50
  • 4
    What's the advantage here over just providing a hosted application and selling that? What does the client get, that they cannot get with a fully hosted app? For this to work, the client cannot have any privileged access to the server. – DNA Dec 10 '13 at 16:23
  • True. The advantage is that a client gets to choose hosting providers, or use one they already have. – NicholasKarl Dec 10 '13 at 20:29
  • As far as I know such service doesn't exist, but it would be quite an interesting conceptual java app server, where the byte code could be encrypted and decrypted at class loading for instance. Perhaps getting jetty and changing the class loader a little so, that the deployed files are still encrypted. – chaos Dec 10 '13 at 21:29

1 Answers1

1

If your concern is reverse engineering, have you considered using a code obfuscator such as pro guard? It's quite effective

mac
  • 5,627
  • 1
  • 18
  • 21
  • Well, there are many discussions about this here on stackoverflow, e.g., [is it worth it](http://stackoverflow.com/questions/1419474/is-it-worth-to-obfuscate-java-web-application?rq=1). I am looking for something more definite. – NicholasKarl Dec 11 '13 at 01:46
  • @NicholasKarl true but in the absence of a widespread hosting standard that would provide a service such as the one you imagine, SaaS is the only other option otherwise there wouldn't be much of a choice for clients – mac Dec 11 '13 at 03:46