Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Rich Client Platform (RCP) » Obfuscation pitfalls
Obfuscation pitfalls [message #550408] Fri, 30 July 2010 05:42 Go to next message
Andrei Lissovski is currently offline Andrei Lissovski
Messages: 13
Registered: July 2009
Junior Member
Hi,

We're looking to obfuscate several "crown jewel" plug-ins in our RCP application and want to avoid possible breakages, especially with automatic updates to the application features/plug-ins. We have experimented with Obfuscate4e/ProGuard and have been generally pleased with the results. We did, however, encounter and resolve several breakages with the default ProGuard configs generated by Obfuscate4e. These are of course not due to a fault of their own but rather because in some cases they have no way of figuring out what should not be obfuscated. Specifically, we had to exclude:

- Classes we're serializing with XStream
- Classes that are contributed via our own extensions points

What other potential pitfalls should we be on the lookout for? Are there any best practices that you have identified for obfuscating your RCP applications?

Thanks a lot!

-Andrei
photogoodness.com
Re: Obfuscation pitfalls [message #550413 is a reply to message #550408] Fri, 30 July 2010 05:54 Go to previous messageGo to next message
Thomas Schindl is currently offline Thomas Schindl
Messages: 5197
Registered: July 2009
Senior Member
Hi,

The only other problem i found with ProGuard is in conjunction with
Hibernate you'll have to ensure ProGuard keeps them unmodified because
Hibernate reads bytecode informations.

We've tried some other solutions but Proguard was the easiest to
integrate into the eclipse build process.

I've also tried Obfuscate4e but decided to use ProGuard directly because
i was able to control the process better. I've a blog post in the queue
where I describe the way I've followed. I hope to publish it in the days
to come on http://tomsondev.bestsolution.at/

I think for the future we'll add a special @Annotation we put into our
code and can check in the proguard.cfg against which makes the
configuration of proguard easier.

Tom

Am 30.07.10 11:42, schrieb Andrei Lissovski:
> Hi,
>
> We're looking to obfuscate several "crown jewel" plug-ins in our RCP
> application and want to avoid possible breakages, especially with
> automatic updates to the application features/plug-ins. We have
> experimented with Obfuscate4e/ProGuard and have been generally pleased
> with the results. We did, however, encounter and resolve several
> breakages with the default ProGuard configs generated by Obfuscate4e.
> These are of course not due to a fault of their own but rather because
> in some cases they have no way of figuring out what should not be
> obfuscated. Specifically, we had to exclude:
>
> - Classes we're serializing with XStream
> - Classes that are contributed via our own extensions points
>
> What other potential pitfalls should we be on the lookout for? Are there
> any best practices that you have identified for obfuscating your RCP
> applications?
>
> Thanks a lot!
>
> -Andrei
> photogoodness.com
Re: Obfuscation pitfalls [message #550576 is a reply to message #550408] Fri, 30 July 2010 17:23 Go to previous messageGo to next message
Alan is currently offline Alan
Messages: 5
Registered: July 2009
Junior Member
Hello Andrei,

I have successfully used KlassMaster to obfuscate my plugin. It even handled the plugin.xml files and changed the names of my classes referenced under the extension points. So I did not have to exclude them from obfuscation.

As to best practices, I can only suggest keeping the obfuscation logs for shipped releases in a safe place so that stack traces in bug reports can be interpreted. But that's pretty obvious :)

Cheers
Alan


Cheers
Alan
Re: Obfuscation pitfalls [message #650488 is a reply to message #550408] Tue, 25 January 2011 04:17 Go to previous messageGo to next message
Dmitry Leskov is currently offline Dmitry Leskov
Messages: 1
Registered: January 2011
Junior Member
Suggested reading: "Securing Eclipse RCP Applications"
Re: Obfuscation pitfalls [message #735785 is a reply to message #550413] Wed, 12 October 2011 13:29 Go to previous message
chalksb is currently offline chalksb
Messages: 1
Registered: October 2011
Junior Member
Hi Tom,
Would you please point me to the direction of your published blog about Proguard in conjunction with Hibernate?
I find myself hopelessly stuck with trying to obfuscate my war file with hibernate and stripes.

Thank you very much!

Chalk
Previous Topic:Writing a proper Eclipse debugger
Next Topic:Disabling properties
Goto Forum:
  


Current Time: Mon Jul 14 02:12:07 EDT 2014

Powered by FUDForum. Page generated in 0.01836 seconds