Optimizing Protection Settings for Performance and Security

When you protect a Java application using Sentinel LDK Envelope, you must balance between two goals that have the potential to conflict with each other – performance and application security. To reach the optimum balance between these goals, you must customize the protection settings for your application in Envelope.

When you add a program to a Sentinel LDK Envelope project, Envelope applies default protection settings for the program. The largest method in each class is protected by default. However, Envelope is not able to determine whether the selected methods are the most appropriate methods to protect. Therefore, the default settings are not optimized to provide the best choices for either performance or security considerations.

To provide optimum performance while protecting the most important intellectual property in your program, use these guidelines to configure the protection settings for your program:

>Select only important methods for protection. Typical candidates for protection include: License methods, methods that contain License API calls, methods that contain intellectual property data.

>Do not select methods that are called often within a short period of time (within milliseconds). Typical methods that should not be protected include: paint methods, refresh methods, event handler methods, and similar methods.

If you select all the methods in your application for protection, you do not provide an additional level of security. Instead, the performance of your application will decrease significantly.

The following additional considerations apply when protecting JEE applications:

>It is recommended that you do not protect methods that are called in ServletContextListener classes. If you protect such methods, a deadlock could occur when the protected application is started or stopped.

>It is recommended that you do not protect doGet and doPost methods. These methods are typically called very often. Protecting them will probably reduce performance significantly.

>After you package the application to a WAR archive and protect, do not add additional ServletContextListener classes. If you add these classes after the application is protected, the application may not function.

Related Topics

Protecting J2EE Applications

Protection Details

Defining Windows Program Protection Details

Defining .NET Assembly Protection Details

Working with Programs