Dinesh Dinesh - 1 month ago 14
Java Question

Java Applets - is it a wrong choice today?

I have some non-trivial computational code that need to be applied on data already downloaded into the browser DOM and captured from user interactions. I do not wish to expose this code. I am wondering if:


  1. write a webservice and communicate with the browser over websocket or http. The tradeoff is speed of interaction (from slick to poor) and higher traffic costs.

  2. write a Java Applet (signed to hide the code) that encapsulates logic within the page and let JavaScript interact with the Java api. I read elsewhere that Java and JS engine can deadlock in certain scenarions. However since I am only computing, this is non-issue. Maybe, on multi core machines I could divvy up my work using a few more threads.

  3. write in JavaScript. But JavaScript is difficult to test, AND it's all in public eye.



Q&A such as usability of Java applets in the web and several others are also discouraging.

My question is: are Java applets a dead technology. There aren't even Q&A on this topic these days! Additionally, Java may not always be bundled with all browsers (desktop, tablet or mobile)?

Are there other, better ways to accomplish the same - hide code, utilize client cpu/ram, minimize data traffic.

The web pages are on Javascript/html5/css. Server only dishes out JSON/XML. The data packets are 10-20KB and updated frequently. The computations are expensive and client-specific so I would really like to use the client to do all that.

Thanks a lot.

Answer

I thinks the biggest disadvantage of applet is that it assumes you have a JRE installed on a client machine. Is it really a viable assumption? Of course you can offer to download and install JRE as well, but why bother doing all this only for making some computation? Another question I would ask myself, can your clients be mobile phones, tablets and so on? If so, maybe the Java Script is a better option to go.

And yet another 5 cents :) You mentioned 'opened to eye java script' You should understand that the only real way of protecting your computation code is putting the computation on server. I mean, that even if you have a compiled binary code, java's assembly is easy-to-understand for skilled attacker. And obfuscation that you mentioned (its obfuscation, not signing jar) makes it slightly harder but still not impossible.

The only concern I see here is that if you have a lot of clients that are running the computation simultaneously and you put the burden of computation on your server it can collapse eventually.

Just my thoughts, hopefully this will help you to chose the best direction here...