Solved

Lock down the .war file

Posted on 2004-10-07
11
953 Views
Last Modified: 2010-04-01
Hi,
I have developed a JSP application that i want to give to a client to test. I do not want the client to be able to see the code. Is it possible to password protect the war file?

Thanks
0
Comment
Question by:gayuk
  • 4
  • 3
  • 2
  • +1
11 Comments
 

Expert Comment

by:cchaganti
ID: 12254403
You can compile the JSP files (using JSPC) and while WARring, remove all the original JSP files from the WAR file.
they will just see the compiled code. (I am assuming that they are deploying the war file given by you)...

0
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 12256110
Try zip your war file with Winzip, and set a password, for example.
0
 

Author Comment

by:gayuk
ID: 12259144
ryancys,
I tried that but it does not work. The app server tries to unzip it for recompilation and that fails..
0
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 12260576
What i mean is 1st try to compress your files into a war file 1st, and then simply use any zipping tool (in this case, Winzip) to zip the war file and make it password protected. Actually it's the way i've done for my previous client all the time when i deployed the jsp applications.
0
 

Author Comment

by:gayuk
ID: 12261521
ryancys,

I am not sure i understand. You can also create a war file through the Zip utility..Even if I were to create a war file and zip it up, would you unzip it before deploying it..

When you did this.. did you just put the zip file in the appropriate directory and leave it at that or did you unzip it and then deploy it?
I am sorry if is sound confused.. I am :-)

Thanks
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 49

Expert Comment

by:Ryan Chong
ID: 12261637
>>I am not sure i understand. You can also create a war file through the Zip utility
Actually i'm not too sure about that, really.. ;-)

Yet, I used to create war file from command prompt, like:

C:\jdk\bin\myApp>c:\jdk\bin\jar cvf c:\jdk\bin\myApp.war *.*

where i usually copy the whole application folder to bin folder, and then i zip the created myApp.war file with Winzip, and make it password protected.

and once it's deployed on my client's end. He will unzip the file, and then the client get the myApp.war file. And he will restart it's Servlet Container (Tomcat in this case), and then the war file is 'unwar'ed.

The above may also sounds weird, those are what i learn myself and it works for me so far for this couple of years ;-)

Correct me or other guys may have better approach 8-)
0
 

Author Comment

by:gayuk
ID: 12262076
Okay...
I see what you mean.. However, what i want to do is to secure the war file itself. I don't want the client to see the application code..
0
 

Author Comment

by:gayuk
ID: 12262094
cchangti,
Does using JSPC allow me to deploy on different servlet containers?.. I see this as a good option but is it supported by other app severs other than tomcat?

Thanks
0
 

Expert Comment

by:cchaganti
ID: 12277688
Yes, it is supported. But, you need to jspc with different application servers (effectively creating one war file per app server)...
for example you will use weblogic.jspc xyz.war for weblogic etc...,
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12537105
PAQed - no points refunded (of 25)

modulo
Community Support Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When we talk about DevOps toolchains, I sometimes wonder how many people really get what we’re talking about. I don’t know if it’s just semantics or tone or something else, but sometimes I think it just sounds like buzzword sausage. So it’s always …
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now