Jim, With all respect, I (partially) disagree with you: > With respect, I disagree from a Java perspective. > > 1) If you are deploying Java on the server you are protected > by so many layers, code obfuscation is not critical True, but there are more reasons than just security for using obfuscation - reducing (but not eliminating!) the risk of reverse engineering, protection of intellectual property, etc. So if you're saying "code obfuscation is not critical FOR SECURITY" I agree, but not necessarily for other reasons. > 2) If you are deploying Java Applets for enterprise > applications, you are nuts. They are inherently insecure and > Java applets have a long history of critical problems. Well, this is true - but it's the wrong reason. As just about everyone on this list knows, relying on the client side to do security enforcement is inherently a losing proposition. And obfuscating the bytecode doesn't make client-side enforcement any more secure. --Jeremy
