Viewing the Source
Q
Hi Selena:
These last three weeks I haven't missed any of your articles, they are full of teaching.
I hope you can help me with this question:
How can I hide the java code from the View/source?
thank you.
A
Thanks much for taking the time to read my articles and I am glad that they are useful to someone!
It makes all the late nights in front of the monitor worth it :)
Anyway, in regards to your question. I am not exactly sure what you mean.
There are actually two ways I might interpret it, so I will try to answer both (since I think both answers are interesting)
For one, perhaps you are asking how to disable the "View Source" option that most web browsers provide through their standard menu bar or their right-click popup menu.
For those of you who might not know, when you choose "View->Page Source" in Netscape 4.6, you are able to see the HTML code that is used to generate any web page on the net.
I think Internet Explorer uses the similar "View->Source" notation.
Well the answer to that is... you can't.
As far as I know, there is no way to disable the "View Source" menu item using Java or JavaScript.
However, I could imagine that at some later date, the View Source API might be exposed through JavaScript in particular.
I doubt you will ever have access to it from Java itself.
As a result, you should always assume that an interested viewer can always look at the HTML code that you use to reference an applet or send parameters to an applet.
Thus, they might get something like the following:
<APPLET CODE = "foo.class WIDTH = "50" HEIGHT = "50">
<PARAM NAME = "foo" VALUE = "bar">
</APPLET>
However, from a security perspective, I don't think that this is all that serious.
A snooper can't really learn all that much about your private code by simply looking at the APPLET tag.
Further, the browser is going to need some way to send parameters to the applet.
If it is not accessible via the View Source method, it will be accessible in some other way... afterall, if the browser can get to it, so can any hacker.
On the other hand, you might be asking how to hide your Java Source code from people who might be snooping.
This is a little more possible and may even be important to your business!
Well rule number one is of course, don't include the Java source code (.java files) in a web-accessible directory.
When you want to distribute an applet, just provide the byte-code compiled class files.
If you have ever looked at a .class file, you will know that someone who downloads your class files and snoops through them will get a lot of machine-code gibberish.
However, even the byte-code compiled class files can be reverse-engineered to some degree by a crafty hacker.
So if you are especially security-conscious, you could obfuscate (weak encryption) your class files using the JAR or CAB packaging tools.
I use Jzipper myself to do obfuscation because it has a nice windows interface.
However, as Mark says on www.javasoft.com's Discussion Forum,
"a number of Java obfuscators exist in both commercial and share/freeware format, though a few of the better free versions seem to have been swallowed up for use in the commercial market of late."
Here are a couple of places to check out:
- http://www.4thpass.com/
- http://www.access.digex.net/~rrl/
- http://www.e-t.com/jshrink.html
But, be warned: an obfuscated applet takes longer for a browser to run and obfuscation is not supported below 4.5 browsers.
For a much more detailed discussion of decompiling Java and using obfuscation, check out
http://www.javacats.com/US/articles/decompiler2.html#part1
Okay, I think that should pretty much answer your question.
But before I exit this post, I want to say that in my mind there are only a few good reasons to hide your source code from inspection.
Open Source code tends to be
- better
- more secure
- and is a viable product.
If you are interested in how one might release all one's source code for the benefit of the community as well as one's own pocket book, check out:
http://www.extropia.com/open_source_case_study.html
Selena Sol contributes to the JavaBoutique's Introduction to Java. Selena curently works for Barclays Capital in London, one of the leading global investment banks in Europe and has worked as a software developer for the National Center for Human Genome research, Microline Software, Neuron Data, and Electric Eye in Singapore. Selena is perhaps best-known for creating the Public Domain Web Script Archive (Extropia) and writing several books on Web Programming (Perl, CGI, Java).
Email: selena@extropia.com
New on the Java Boutique:
New Review:
Time Management Made Easy with the Quartz Enterprise Job Scheduler
Why not just use the Java timer API? This open source scheduling
API boasts simplicity, ease-of-integration, a well-rounded feature
set, and it's free!
New Applet:
Reverse Complement
Reverse Complement is a simple applet that converts DNA or RNA
sequences into three useful formats.
Elsewhere on internet.com:
WebDeveloper Java
Lots of Java information on webdeveloper.com
WDVL Java
Thorough Java resource at the Web Developer's Virtual Library.
ScriptSearch Java
Hundreds of free Java code files to download.
jGuru: Your View of the Java Universe
Customizable portal with online training, FAQs, regular news updates, and tutorials.
| 
