Careless Obfuscation Can Lose You BusinessFiled Under Code
Obfuscating code is important when attempting to keep your implementations safe, but done carelessly it can cause you business. While there are many obfuscation products for Java and .NET, there will always be industry leaders such as PreEmptive and Spices. Problems can occur when multiple components are obfuscated with the same products or same settings.
On a recent project, I had referenced a 3rd party component for PDF generation. When I attempted to add a spell-checking component from another vendor, *POOF*, everything went up in smoke. I could not shake a compile error complaining about ambiguous class names. Using Reflector I loaded up both 3rd party assemblies and found the following:
Careless obfuscation can create conflicting type names
I am protecting the guilty by blurring out the assembly names, but what is visible is the fact that both assemblies created non-unique namespaces and class names. This ambiguity created a deadlock of references and the possibilities were:
- Get one of the vendors to get me a new build ASAP
- Delay purchasing either component until a suitable replacement was found
Thankfully, this story ends happily and one vendor immediately responded to my email by fixing the issue and sending me a specialized build. The troublesome obfuscated classes had been moved into proper namespaces thus removing the ambiguity.
Compile errors are a bad first impression when attempting to make a sell. Bad obfuscation can cause problems that you may not have foreseen in testing. Test your assemblies in a number of scenarios to ensure they play nice with others and under different security contexts.