Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Rich Client Platform (RCP) » Obfuscation pitfalls
Obfuscation pitfalls [message #550408] Fri, 30 July 2010 09:42 Go to next message
Andrei Lissovski is currently offline Andrei LissovskiFriend
Messages: 13
Registered: July 2009
Junior Member
Hi,

We're looking to obfuscate several "crown jewel" plug-ins in our RCP application and want to avoid possible breakages, especially with automatic updates to the application features/plug-ins. We have experimented with Obfuscate4e/ProGuard and have been generally pleased with the results. We did, however, encounter and resolve several breakages with the default ProGuard configs generated by Obfuscate4e. These are of course not due to a fault of their own but rather because in some cases they have no way of figuring out what should not be obfuscated. Specifically, we had to exclude:

- Classes we're serializing with XStream
- Classes that are contributed via our own extensions points

What other potential pitfalls should we be on the lookout for? Are there any best practices that you have identified for obfuscating your RCP applications?

Thanks a lot!

-Andrei
photogoodness.com

Report message to a moderator

Re: Obfuscation pitfalls [message #550413 is a reply to message #550408] Fri, 30 July 2010 09:54 Go to previous messageGo to next message
Thomas Schindl is currently offline Thomas SchindlFriend
Messages: 6651
Registered: July 2009
Senior Member
Hi,

The only other problem i found with ProGuard is in conjunction with
Hibernate you'll have to ensure ProGuard keeps them unmodified because
Hibernate reads bytecode informations.

We've tried some other solutions but Proguard was the easiest to
integrate into the eclipse build process.

I've also tried Obfuscate4e but decided to use ProGuard directly because
i was able to control the process better. I've a blog post in the queue
where I describe the way I've followed. I hope to publish it in the days
to come on http://tomsondev.bestsolution.at/

I think for the future we'll add a special @Annotation we put into our
code and can check in the proguard.cfg against which makes the
configuration of proguard easier.

Tom

Am 30.07.10 11:42, schrieb Andrei Lissovski:
> Hi,
>
> We're looking to obfuscate several "crown jewel" plug-ins in our RCP
> application and want to avoid possible breakages, especially with
> automatic updates to the application features/plug-ins. We have
> experimented with Obfuscate4e/ProGuard and have been generally pleased
> with the results. We did, however, encounter and resolve several
> breakages with the default ProGuard configs generated by Obfuscate4e.
> These are of course not due to a fault of their own but rather because
> in some cases they have no way of figuring out what should not be
> obfuscated. Specifically, we had to exclude:
>
> - Classes we're serializing with XStream
> - Classes that are contributed via our own extensions points
>
> What other potential pitfalls should we be on the lookout for? Are there
> any best practices that you have identified for obfuscating your RCP
> applications?
>
> Thanks a lot!
>
> -Andrei
> photogoodness.com

Report message to a moderator

Re: Obfuscation pitfalls [message #550576 is a reply to message #550408] Fri, 30 July 2010 21:23 Go to previous messageGo to next message
Alan is currently offline AlanFriend
Messages: 5
Registered: July 2009
Junior Member
Hello Andrei,

I have successfully used KlassMaster to obfuscate my plugin. It even handled the plugin.xml files and changed the names of my classes referenced under the extension points. So I did not have to exclude them from obfuscation.

As to best practices, I can only suggest keeping the obfuscation logs for shipped releases in a safe place so that stack traces in bug reports can be interpreted. But that's pretty obvious :)

Cheers
Alan

Cheers
Alan

Report message to a moderator

Re: Obfuscation pitfalls [message #650488 is a reply to message #550408] Tue, 25 January 2011 09:17 Go to previous messageGo to next message
Dmitry Leskov is currently offline Dmitry LeskovFriend
Messages: 1
Registered: January 2011
Junior Member
Suggested reading: "Securing Eclipse RCP Applications"

Report message to a moderator

Re: Obfuscation pitfalls [message #735785 is a reply to message #550413] Wed, 12 October 2011 17:29 Go to previous message
chalksb is currently offline chalksbFriend
Messages: 1
Registered: October 2011
Junior Member
Hi Tom,
Would you please point me to the direction of your published blog about Proguard in conjunction with Hibernate?
I find myself hopelessly stuck with trying to obfuscate my war file with hibernate and stripes.

Thank you very much!

Chalk

Report message to a moderator

Previous Topic:Writing a proper Eclipse debugger
Next Topic:Disabling properties
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 26 22:18:11 GMT 2024

Powered by FUDForum. Page generated in 0.03269 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly