actually, well written JSP should'nt contain much java code in it and so you
will be fine. The bit that is in will mostly be standard stuff that you can
find in any JSP book so you might as well give it away. Putting too much
code in your JSP is a bad idea.

I completely agree with mark too on decompiling code. If you are trying to
sell per user software you might just have to trust people. I mean look at
Microsoft, how many people steal office and windows, they seem to be doing
alright anyway.

chanoch

-----Original Message-----
From: pvancauteren@o... [mailto:pvancauteren@o...]
Sent: 01 December 2000 08:49
To: Java Server
Subject: Protecting yourself from de-compilation


When we compared Active Server Pages with Java Servlets, one of the
advantages of Java was that it was compiled and thus 'unreadable' (our
Java server application is installaed at our customers sites and we don't
want our customers to read the source of our application).
Now what worries me, is that it seems to be possible to decompile java
classes into java sources again (Mocha, ...).
Now my questions : What is the best way to protect yourself from
decompiling java classes (by our customers) ?
Use an obfuscator (like Obfuscate Pro) that makes the source itself
unreadable ?
Use Crema (from the writer of Mocha) ?
Someone else also suggested to write my own class loader or to sign my
Java jars.
Anyone else suggestions ?