compile helma
10 views
Skip to first unread message
Julian Tree
Nov 11, 2013, 10:26:37 AM11/11/13
to he...@googlegroups.com
Hey guys,
I know this may be against the open source principle, but is there a way to release a HELMA app in compiled by-code formate? We just have some logic and may be password that we don't want to the user to see the plain source code.
Julian
I know this may be against the open source principle, but is there a way to release a HELMA app in compiled by-code formate? We just have some logic and may be password that we don't want to the user to see the plain source code.
Julian
Joshua Paine
Nov 11, 2013, 10:43:09 AM11/11/13
to he...@googlegroups.com
You mean your application written in JavaScript running on Helma? It
looks like it should be possible to get Rhino to compile the JavaScript
to Java classes, so this is probably possible in some way, but I don't
think Helma's meant to work this way. It's also suspect as a goal, not
from open source principles but just from, "Wait, what exactly are you
doing here?"
In a typical Helma app deployment you control the server(s) that the app
is running on. Users over the web can't see your Helma app code and with
little effort you can prevent them even from knowing whether you wrote
the app in Helma or PHP or Rails or whatever. (If users over the web can
see your Helma app code, you're definitely doing it wrong.)
If you're talking about delivering a binary to your customers so they
can run their own copy of your Helma app on their own web servers, you
should be realistic about the level of protection compilation would give
you. Java bytecode is easily decompiled to at least an approximation of
the source, and even in the abscence of original variable names, any
special sauce logic code be picked out without too much trouble. Trying
to protect passwords this way is Right Out. You might as well base64
encode the password and name the variable notThePassword for all the
protection you'd get.
-Joshua
looks like it should be possible to get Rhino to compile the JavaScript
to Java classes, so this is probably possible in some way, but I don't
think Helma's meant to work this way. It's also suspect as a goal, not
from open source principles but just from, "Wait, what exactly are you
doing here?"
In a typical Helma app deployment you control the server(s) that the app
is running on. Users over the web can't see your Helma app code and with
little effort you can prevent them even from knowing whether you wrote
the app in Helma or PHP or Rails or whatever. (If users over the web can
see your Helma app code, you're definitely doing it wrong.)
If you're talking about delivering a binary to your customers so they
can run their own copy of your Helma app on their own web servers, you
should be realistic about the level of protection compilation would give
you. Java bytecode is easily decompiled to at least an approximation of
the source, and even in the abscence of original variable names, any
special sauce logic code be picked out without too much trouble. Trying
to protect passwords this way is Right Out. You might as well base64
encode the password and name the variable notThePassword for all the
protection you'd get.
-Joshua
Julian Tree
Jan 23, 2014, 2:14:16 AM1/23/14
to he...@googlegroups.com
Joshua, let's have private conversation about this. I am working on something very interesting with helma. I am sure there are better ways to do this, but helma is perfect for the prototype.
-Joshua
--
You received this message because you are subscribed to the Google Groups "Helma" group.
To unsubscribe from this group and stop receiving emails from it, send an email to helma+unsubscribe@googlegroups.com.
To post to this group, send email to he...@googlegroups.com.
Visit this group at http://groups.google.com/group/helma.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages