Menu
Is it worth to obfuscate java web application? and why?
627
Name obfuscation does not affect the performance and should always be used. You can virtualize methods that are not computationally intensive. Otherwise, control flow obfuscation should be used.
It's essential to hide business logic and code to make it harder for attackers to gain access and start debugging and tampering with your app. (They often repackage an application with malicious code.) 3. Code obfuscation can drastically reduce file size, and download times can be reduced drastically as well.
Code obfuscation is the process of making applications difficult or impossible to decompile or disassemble, and the retrieved application code more difficult for humans to parse.
Bytecode Obfuscation is the process of modifying Java bytecode (executable or library) so that it is much harder to read and understand for a hacker but remains fully functional. Almost all code can be reverse-engineered with enough skill, time and effort.
No. The code is stored on the server where external users (hopefully) don't have access to it. You may want to obfuscate the JavaScript if you feel it's worth the (minimal) IP protection.
The best thing is so make sure your server security is up to scratch and you don't have open access to your application directories (which shouldn't happen anyway).
138
IMO, no.
There are two main use-cases for obfuscation:
The problem is that obfuscation only foils half-hearted attempts at reverse engineering. A serious attempt will always succeed. It is really not that hard to decompile an obfuscated JAR file, and there are lots of tools around for doing it.
For the use-cases above, better alternatives to obfuscation are:
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
