So I'm developing a project for a client and in the end they will have a server running Apache Tomcat Server 7.0 and my project .war will be deployed there. Basically the .war will be running on their server and they will have access to it.
Can anyone provide any tips in how can i secure my code and prevent them to give it a look? Because the logic of the program itself it's what makes it valuable per se.
Thanks in advance.
There's no need to send source code up in a WAR file. But the resulting java binaries will still be subject to reverse engineering and decompilation, if they're so inclined. You'd need to look in to java obfuscation to try and manage that.
You can even use JSPs for presentation, but you'll want to pre-compile those in to servlets before distribution.
Do not disregard legal mechanisms through licensing of your work. Make sure your licenses and contracts are very clear about code ownership and rights to the software. That's a place for a lawyer.
Related
I understand the concept of source version control and how it applies to self-contained projects like a Windows application. But for web development, most files are stored on the web server. This has become a headache for development with many people just copying and renaming files and then pushing files over to production is another mess.
I need some kind of source version control that is relatively not too difficult to learn and must be GUI-based or have a GUI as an option. The people who will use this have little or no knowledge of the command line.
How can I integrate source version control with web server files? What software is available for such an endeavor? And is it possible to have the source version control software administer both the production and development web servers or I may only have two separate source version control installs for each web server and manually push over changes?
The web servers are Windows-based and also use Tomcat for Java/JSP.
Any help would be appreciated. Thank you.
I think you are not clear on the idea of version control. Version control is about managing your code. It is about putting your code in a remote server (may be in a central location) and accessing it using a client tool. This way a number of people can work on different part of the code and than push their work to version control server. It has nothing do with the type of the project.
The project can be a windows application, web server application or any application.
While using version control, in regular intervals or whenever needed you build your code from the version control server and deploy it to the web server which means you are deploying code that is already build (a .war for a web application).
You first deploy to your development server and later deploy the same war to the production server.
You can use SVN server for your version control server and Tortoise SVN as client.
You have to split in mind two different but interacting things - Version Control and Deploy Tools:
VCS has to do with any evolving over time items, which you want to have under control
Deploy just deliver correct object into the correct place at the correct time and convert "set of something" into Product.
Deploy isn't a problem per se (almost any job can be automated), main problem in multiDEV environment (2+) with central STAGE (less with PROD) server is question of communication between Devs and synchronizing of their operations, i.e. - workflow and management:
just imagine 2 (or more) devs, performing diferent unrelated tasks, which want to test latest own (and only own) changes on common STAGING server (because they haven't functional local environment). If 1-st deploy "some WIP" on server, he don't want to have own tests be interrupted and code poisoned by deploying third-party changes. They must to communicate and coordinate actions, it can't be dumb "copy to..." in post-commit hook
And is it possible to have the source version control software administer both the production and development web servers
Yes. But VCS does not "administer" web-servers in common sense, rather it's "communicates" or "take into account"
I have developed a web application which I am going to sell, but I face some security issues because I am going to provide a .war file to client machines and I found .war files can be easily extracted.
How can one provide security for war files to avoid being copied or extracted?
While searching I found Excelsior jet which converts web apps to native code but it's a trial version and I cannot afford its price so I want to know other alternatives.
A web app container cannot deploy an exe anyway. You can obfuscate your classes and maybe write a licensing module. If you prevent users from extracting your war you'll also prevent the container from deployment.
For example, you might use a Java Bytecode Obfuscater such as
yGuard
ProGuard
JODE
As for a licensing module, you may be able to use
this or this question.
The possible way is to
Use code obfuscator
Code in init() or somewhere check for license/access only one host.
Another option is to code your own classloader and implement it in modified web container
I have created an entire site which includes Jsp and html pages,servlets,java files,and i have used msaccess as the db.All thse have been created using eclipse.What is the best way to deploy this on the web?and how do i do it?
Any help is appreciated.
Thanks
This is what the WAR-format is designed for.
Look into how to package your stuff in a WAR form and use that. Note that very few sites offer both Java and Access. You may want to consider being database agnostic.
do you already have a "java-capable" webserver running somewhere? Are you going to host it yourself or are you going to deploy it to some server hosted by some company?
As YK-47 already said tomcat (http://tomcat.apache.org/) in conjunction with apache webserver is a good choice. You might also want to have a look at jetty (http://jetty.codehaus.org/jetty/)
As soon as you have the server running and accessible over the web you can deploy any java based web application there (i.e. a war-file).
A War file is definitely the easiest method.
If you turn your project into a Maven project it can automatically generate a war file for you, and even deploy it to a webserver if you set it up to do so.
m2eclipse is the plugin you need to get for eclipse, you can then right click your project and go to Configure>Convert to Maven Project. Once this is done look in the Pom file it generates for you and select your output to war (I think by default it might be jar)
If you are new to Maven their website has a quick start guide which may be worth running through which will get you up to speed fast
5 Minute Test
It is worth he effort to learn how to use Maven as in the long run will save you a lot of time... as you wont have to write build scripts
Our team is facing a difficuties while developing/modifying a servlet.
The servlet is having some unknown problem and we think I may due to too many request.
We would like to find a way so that the request could be queue up.
But what matter most is that we are developing the servlet using tomcat as the servlet container, when we put it in the production server, our company use websphere to hold it.
I don't know about websphere, but I am sure it have some way to control the requests. But we are only allowed to use tomcat to develop. Thus we do not know what would happen in the production server, this make us very sad. Of course, our company cannot afford to make another websphere for development usage.
What can I do?
If you can't find the information you're looking for in the Infocenter, you should probably test/debug on WAS. There is a free developer license for Windows and Linux (you must install it on your development machine - see the FAQ for restrictions).
While there's some merit in targeting Tomcat in development, a complete ban on the target application server is counterproductive. Production is not the place you want to find incompatibilities.
Tomcat and Websphere has different architecture and servlet engines and i think you cannot get guarantee that application that perfectly runs on Tomcat will be as well on Websphere.
Try to use JBoss free version for tests. It much more similar to Websphere than a Tomcat.
We use it for this purpose on one of the project - and it cover 99% of our problems with deploys.
Also if i remember it right exist development license version of websphere and it kind of free(but with mad license restrictions)
This might be a newbie question. But I am working with iPhone programming and I have hosted my own webservices written in Java on a ubuntu linux and Eclipse EE edition with a glashfish server. Is there any easy way to export this webservice and getting it hosted elsewhere.
I have been looking around for a solution but have not found the grail yet.
All help is appreciated
I don't know what you have in mind when you think "export", but you're deploying a WAR file locally on Glassfish. That's the package you need to pick up and move to your hosting service. They, in turn, have to accept WAR files and deploy on a Java EE app server.
Your WAR file should be portable if it has everything your app needs. Make clear what you need from the server (e.g. dependent JARs); everything else should be in your WAR.
If you can adapt your solution to the limitations of the Google Application Engine, they will host it for free.
This strongly depends on how many Java EE features you use.
there any easy way to export this webservice and getting it hosted elsewhere.
You just need to take war file and deploy it somewhere else you want