I found the source code at https://github.com/Guardsquare/proguard and it has a GPL v2 license. As it re-writes the whole application, I would be very cautious to use it, as I believe this means your whole application becomes GPL v2.
Anyway, I really don't understand the added-value of such a tool for a server-side application (=the attacker has access to the database, why bother modifying the Java code), and it would definitely make debugging and monitoring more complicated (=Java agents will be unusable), so I would be very hesitant to use it. I wouldn't push it to our users, anyway, as it can cause a huge number of side-effects because of the code modifications.
I asked the ProGuard team and they answered: "Optimizing and name-obfuscating server-side applications is generally not useful, unless you are really concerned about the application size."
We can close this issue, leaving it only for history.
Overview of the feature request
Add ProGuard to the JHipster stack, increasing the security of the projects and contributing to a safer internet.
ProGuard is an open-source tool that has existed for more than 7 years and will continue to have releases.
https://www.guardsquare.com/en/products/proguard/manual/introduction
http://wvengen.github.io/proguard-maven-plugin/
Motivation for or Use Case
By obfuscating the source code, we prevent an attacker from having access to the source code in order to exploit possible logic flaws.
Obfuscation of source code has become popular in Android applications because the APK is downloaded to the user's device.
In a scenario where the server is invaded, access to the source code is much more critical, exposing sensitive information that assists the attacker in his attack.
Related issues or PR
#1405