4

I have developed a web application which I am going to sell, but I face some security issues because I am going to provide a .war file to client machines and I found .war files can be easily extracted.

How can one provide security for war files to avoid being copied or extracted?

While searching I found Excelsior jet which converts web apps to native code but it's a trial version and I cannot afford its price so I want to know other alternatives.

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
Nilesh12
  • 99
  • 1
  • 2
  • 15
  • I believe if you convert your WAR file to native code, then you can't deploy it in a web container. Excelsior Jet is good for Java applications which are running out of container. – Amir Pashazadeh Dec 30 '13 at 04:23

2 Answers2

3

A web app container cannot deploy an exe anyway. You can obfuscate your classes and maybe write a licensing module. If you prevent users from extracting your war you'll also prevent the container from deployment.

For example, you might use a Java Bytecode Obfuscater such as

As for a licensing module, you may be able to use this or this question.

Community
  • 1
  • 1
Elliott Frisch
  • 198,278
  • 20
  • 158
  • 249
  • Thanks for replying. but bro i really don't know how to obfuscate classes and how it work for web application war file on appache server can you provide me more detail or link please. – Nilesh12 Dec 30 '13 at 04:11
2

The possible way is to

  • Use code obfuscator
  • Code in init() or somewhere check for license/access only one host.

Another option is to code your own classloader and implement it in modified web container

Sergei Chicherin
  • 2,031
  • 1
  • 18
  • 24