Databases Reference
In-Depth Information
cess literally creates a .java file that is stored on the file system. Next, the
server compiles this newly generated Java class to create a .class file, which is
then used to process the request. This class is the only thing the server needs
to have in order to process requests—the translation and compilation pro-
cess is merely a convenience for the developer (and actually makes the
server take a performance hit the first time a JSP is accessed). Note that the
process exposes source code twice—once as the JSP and once as the Java
source file.
Resolving the JSP source issue is easy. At deployment time you can pre-
pare all the class files from the JSPs. If the server already has an up-to-date
class file, it will bypass the translation and compilation stages altogether,
and you can avoid even having the JSP code deployed. For example, you
can download an Ant task called jspc to perform this process on your behalf
from http://ant.apache.org/manual/OptionalTasks/jspc.html. Some servers
provide built-in utilities and instructions for this process. For example,
Oracle 9iAS's has an
ojspc
utility (for more information see Chapter 6 of
the Oracle 9iAS Containers for J2EE Support for JavaServer Pages Refer-
ence) and Web Logic has a built-in Java class for performing this called
weblogic.jspc
.
Now let's turn to obfuscation. Obfuscation is a technique used in both
the Java and .NET world that transforms pseudo-code into a form that
makes reverse engineering difficult. Although it is still possible to derive
source code from obfuscated pseudo-code, it is not doable with simple util-
ities, and manually cracking obfuscated pseudo-code is usually impractical.
Obfuscation of programs is a multistep task because all parts of the pro-
gram need to be obfuscated. The main obfuscation categories are as follows:
Layout obfuscation
, including identifier scrambling, removing of com-
ments, and method locations
Data obfuscation
, affecting the data structures and data encoding. For
example, a two-dimensional array may be converted into a one-
dimensional array and spread around. An iteration of the form:
int i=1;
while (i < 100) {
.. arr[i] ..
i++
}
may be converted (and then spread out inside the method) to:
..
Search WWH ::
Custom Search