Results 1 to 2 of 2

Thread: Obfuscated code with Spring .Net

  1. 07-13-2012, 01:05 PM #1
    fxleonardo
    fxleonardo is offline Junior Member New User
    Join Date
    Jul 2012
    Posts
    1

    Default Obfuscated code with Spring .Net

    Has anyone ever gotten Spring to work with obfuscated code? Or are we stuck with leaving spring enabled objects to be unobfuscated?

    Thanks!
    Reply With Quote Reply With Quote
  2. 07-16-2012, 12:37 PM #2
    Steve Bohlen's Avatar
    Steve Bohlen
    Steve Bohlen is offline Member Spring TeamSpring User
    Join Date
    Jul 2010
    Posts
    245

    Default

    Am I correct in guessing that the issue/problem you find with trying to use an obfuscator on Spring-enabled objects is that the obfustactor (usually) wants to change type-names, etc. and that when these are externalized in XML files (or anything else OTHER than code, frankly) the obfuscator isn't smart enough to change the type declarations in the config files when it changes the type-names in the assembly as part of the obfuscation process?

    If so, this is a common challenge for ANY externalized references to types when obfuscating, not only Spring of course (e.g., the same issue arises if your web.config attempts to reference/register your own obfuscated http handler since its type-name won't any longer be what you -- or ASP.NET 'expects'). If you think about it, this same issue would arise if/when your obfuscated code is consumed by ANY non-obfuscated code (e.g., if you had created and then obfuscated any code in a dll, etc. with public members intended to be consumed by ANY other code EVER). 'Full' obfuscation is really only feasible if/when your own code is only EVER going to interact with only itself.

    Because of this, most obfuscators offer configurable 'levels' of obfuscation. Not sure what obfuscation tooling you may be using/considering, but as a (simple) example, Dotfuscator (a common choice in the .NET space) offers an attribute that you can apply to types you don't want renamed. See this post on StackOverflow for a simple example of this: http://stackoverflow.com/questions/9...th-dotfuscator . I'd recommend exploring the docs for whatever obfuscator technology you have chosen/are considering to discover how to 'control' the various scopes of obfuscation that it supports.

    If you don't want to be explicit about what you do and don't obfuscate (and to what levels) then the only feasible manner to accomplish this would be to NOT externalize your Spring config in XML files but instead to do all of your config in code (so that everything is then obfuscated in one big step together). You can probably accomplish *much* of this using the Spring.NET CodeConfig project (see http://www.springframework.net/codeconfig/ for more info).

    Hope this helps~!
    -Steve B.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules