•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Java section within the Software Development category of DaniWeb, a massive community of 391,623 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,692 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Java advertiser: Lunarpages Java Web Hosting
Views: 1043 | Replies: 7 | Solved
 |
•
•
Join Date: Feb 2007
Location: India-Tamilnadu-Chennai
Posts: 871
Reputation: 
Rep Power: 3
Solved Threads: 7
Practically a Posting Shark
Security for jar Hey guys..,
Plz Help me out for this.....
Is there any provision.... for giving security to a jar file.....i can easily unzip all the files from jar using winrar...
and we can easily get .java file from .class so i want to know is ther any way to provide security for jar file
Plz Help me out for this.....
Is there any provision.... for giving security to a jar file.....i can easily unzip all the files from jar using winrar...
and we can easily get .java file from .class so i want to know is ther any way to provide security for jar file
•
•
Join Date: Feb 2006
Posts: 1,360
Reputation:
Rep Power: 8
Solved Threads: 117
No. You can obfuscate your code, or possibly try to create a native executable rather than a jarfile but both of these are equally useless. If someone wants your code they are going to get it.
The only way you prevent them getting your code is to not distribute it. In otherwords provide a web service or web site so that the consumer never gets your code onto his computer. But even then, reverser engineering can still be performed by determined people.
The only way you prevent them getting your code is to not distribute it. In otherwords provide a web service or web site so that the consumer never gets your code onto his computer. But even then, reverser engineering can still be performed by determined people.
Java Programmer and Sun Systems Administrator
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
•
•
Join Date: Nov 2005
Posts: 72
Reputation:
Rep Power: 3
Solved Threads: 5
Junior Poster in Training
•
•
•
•
But even then, reverser engineering can still be performed by determined people.
Yea, like someone in serious need of "homework help".
Jars are just another archive-type file.. The purpose is to hold a number of files under a common name, "myfile.jar", to keep organized and to make it easier for the system to keep related class files all together. That could be reworded, but we know what I mean.
The best option is to create custom jar files and to place only the .class files inside the jar. Of course someone could still decypher the logic in the program by analyzing the compiled bytecode, but why? That's why commercial businesses compiles exe's, and not class files, no?
synchronized (theWorld) { System.out.println ("It's all mine..."); }
How many people have code in their Sigs?
How many people have code in their Sigs?
•
•
Join Date: Nov 2004
Location: Netherlands
Posts: 5,646
Reputation:
Rep Power: 18
Solved Threads: 191
No, exes too can be easily decompiled and the source analysed (by someone who knows how).
ALL programs can be decompiled by someone who is determined enough.
The only reason some people ship what looks like executables when they ship Java programs is to enable them to be run on systems that have no JVM installed.
If you were to analyse those exes, you'd find that they're typically a JVM with all the classes added to the end as a jar file that's just copied into the exe and deflated at runtime.
Simple fact of life: The vast majority of peope couldn't care less about decompiling your program.
The vast majority of people (usually kids, almost never professionals) who think they need to "secure" their classes write code that's completely uninteresting to anyone who would look at it. There's nothing very clever or groundbreaking there that would give someone a business advantage for example.
The rest won't be stopped by anything.
If you don't want people to ever have the ability do decompile and read your sources, don't ship them.
Deliver your product/service through a web interface for example, or as a SOAP service.
ALL programs can be decompiled by someone who is determined enough.
The only reason some people ship what looks like executables when they ship Java programs is to enable them to be run on systems that have no JVM installed.
If you were to analyse those exes, you'd find that they're typically a JVM with all the classes added to the end as a jar file that's just copied into the exe and deflated at runtime.
Simple fact of life: The vast majority of peope couldn't care less about decompiling your program.
The vast majority of people (usually kids, almost never professionals) who think they need to "secure" their classes write code that's completely uninteresting to anyone who would look at it. There's nothing very clever or groundbreaking there that would give someone a business advantage for example.
The rest won't be stopped by anything.
If you don't want people to ever have the ability do decompile and read your sources, don't ship them.
Deliver your product/service through a web interface for example, or as a SOAP service.
42 Private messages asking for help will be ignored
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
•
•
Join Date: Nov 2005
Posts: 72
Reputation:
Rep Power: 3
Solved Threads: 5
Junior Poster in Training
Good thoughts. I've always been a strong supporter of the "open source" concept, even though (as you've made it clear) the source need not be distributed for another programmer to find out how the software was coded (logic, algorithms, etc). Just goes to show - you can't hide something if you give it away. And you're right. Code security does not beat performance and simplicity.
synchronized (theWorld) { System.out.println ("It's all mine..."); }
How many people have code in their Sigs?
How many people have code in their Sigs?
•
•
Join Date: Nov 2004
Location: Netherlands
Posts: 5,646
Reputation:
Rep Power: 18
Solved Threads: 191
I'm not talking open source here, just common sense.
The best protection for your intellectual property is not letting it out the door.
If that's not possible, make sure your customers know what they're licensed to do and what the penalties are for doing things they shouldn't (like decompilation and illicit redistribution).
The best protection for your intellectual property is not letting it out the door.
If that's not possible, make sure your customers know what they're licensed to do and what the penalties are for doing things they shouldn't (like decompilation and illicit redistribution).
42 Private messages asking for help will be ignored
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
•
•
Join Date: Feb 2007
Location: India-Tamilnadu-Chennai
Posts: 871
Reputation:
Rep Power: 3
Solved Threads: 7
Practically a Posting Shark
Thank you guys ...Finally i have decided to Opt this one to go ahead....
product/service through a web interface or as a SOAP service.
product/service through a web interface or as a SOAP service.
Adios,
Vinod......
Vinod......
•
•
Join Date: Nov 2004
Location: Netherlands
Posts: 5,646
Reputation:
Rep Power: 18
Solved Threads: 191
yup, that's a good way to do it. Do take into account the cost of running a stack of SOAP servers though in your price when you sell your service 
42 Private messages asking for help will be ignored
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
In the frozen land of Nador they were forced to eat Steve's iMinstrels, and there was much rejoicing.
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb Java Marketplace
Linear Mode
•
•
•
•
antivirus apple botnet browser business crack crime database development email encryption firefox fraud google government hacking id theft internet ipod java linux malware mcafee microsoft microsystems mobile news phishing php platform privacy programming report research satnav search security software spam spyware sun survey terrorism trends trojan virus vista web windows worm
- As a newbie, where i should start from in linux? (Getting Started and Choosing a Distro)
- Security Issues (*nix Software)
- DLL equivalent to xerces.jar (Java)
- Opera Rushes Out Another Security Fix (Windows NT / 2000 / XP / 2003)
Other Threads in the Java Forum
- Previous Thread: read the input in port module
- Next Thread: Please tell me the disadvantages of jini tech
