Hello Hari,
You can make your classes impossible to reverse engineer or unjar, by
encrypting them using an 'vanishing key' algorithm proposed by Prof Michael
Robin. It is mathematically proven that you can't break it while all the
algorithm like RSA, DES can be broken theoretically. But what would you do
with it? If you make a jar file impossible to unjar, how VM is going to
unjar it or understand it?
The simple answer is that you can't stop reverse engineering. There is no
better way to protect your intellectual property than copyright. Lots of
people will say that obfuscation is the way to do it. Obfuscator just makes
your code hard to decompile. You can imagine that if VM has to interpret
your code, then same way you can translate bytecode into source code.
Obfuscator changes the variable names and does some tricks in case of loops
etc so that they don't look like loops to a simple and naive decompiler.
However, a sophisticated decompiler would figure it out. After all, VM also
figures it out.
Note on obfuscator:
There are tons java obfuscators out there which change your bytecode.
However, I STRONGLY recommend not to use obfuscator for a good reason. As
you know that all modern java compilers (javac) don't do any optimization
whatsoever. All the optimization occurs at the runtime by the Hotspot VM and
all the hotspots in your code are compiled into native code. Now suppose if
your code is obfuscated and there is a CPU intensive for loop which doesn't
appear like for loop to VM profiler. This loop will not get compiled into
native code (even though it is a hotspot) because VM profiler couldn't make
out that it's a for loop. The same code without obfuscation will be be
optimized easily. So you loose here because your code is obfuscated.
Regards,
Chandra
The statements and opinions expressed here are my own and do not necessarily
represent those of Oracle Corporation.
> -----Original Message-----
> From: SriHari [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 14, 2001 2:59 PM
> To: [EMAIL PROTECTED]
> Subject: code Security in java
>
> Hi
>
> Is there any tool to secure java class files / to make them
> impossible to
> reerse engineer
> is there any method that protects the jar/war files making them to
> de/un jar
> impossible
>
> Pl let me know
>
> Hari
>
> ======================================================================
> =====
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
=========================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=P
http://www.jguru.com/jguru/faq/faqpage.jsp?name=rvlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
