Hi, Our application has a translator that creates some java source files based on the user's input. These files will be at our client's development environment and contain some valuable information about our application. We are not comfortable with this situation. (These java source files will be converted to .class files etc..)
Is it possible to do any one of the following:
Feed the output of our translator (the output is a java program) directly to JVM so that we do not store .java or .class files on the disk i.e. is it possible to maintain the .java and .class files in-memory rather on disk etc. This option also takes care of protecting our proprietary information against decompilation/reverse engineering methods.
Or, feed the output of our translator directly to the Java compiler so that we do not store .java files on the disk. In this case the .class files generated by the compiler will be on the disk. in this case, our .class files are open to reverse engineering/decompilation. Any suggestions to prevent this.(Obfuscators etc).
I appreciate any help, suggestions, pointers etc that you can provide.
Thanks in advance --Ekalvya
Rovas Kram
Ranch Hand
Joined: Aug 08, 2003
Posts: 135
posted
0
I'm thinking your approach is wrong. What's preventing you from controlling the content of the .java file that is genrated?
Ekalavya Pandit
Greenhorn
Joined: Aug 27, 2004
Posts: 4
posted
0
Rovas, Thanks for your response. However all the content which will be there in the generated java file is needed for proper functioning of our application, and we want to protect this from reverse engineering.
Let me restate my problem. We have created a String in memory (which can be stored as a java source file on a disk). Can we compile this and execute this without .java and .class files written to disk.
I really think that Obfuscators and more importantly a patent are your best bet. Java can be decompiled. It's a fact. Even with an obfuscator -- it can still be decompiled but hopefully it doesn't make much sense.
Your best protection from Reverse Engineering is to Patent and license your technology so that if somone does figure out what you did, and tries to copy it -- you can legally attack them. [ August 27, 2004: Message edited by: Jessica Sant ]
But you have to decompile and unobfuscate their code to do it!
Ekalavya Pandit
Greenhorn
Joined: Aug 27, 2004
Posts: 4
posted
0
Jess, Many thanks for your suggestion.
Could you please answer the other part of the question which I posted before your post.
"We have created a String in memory (which can be stored as a java source file on a disk). Can we compile this and execute this without .java and .class files written to disk?".
Thanks in advance
Julian Kennedy
Ranch Hand
Joined: Aug 02, 2004
Posts: 823
posted
0
A compiler that accepted the contents of a source file through stdin and wrote the class bytecode to stdout could accomplish this. I don't know of a compiler that has that capability but you may be able to find an open source compiler and adapt it. Of course this may mean sacrificing some efficiency and/or platform-independence.
You can then load the class by subclassing java.security.SecureClassLoader and exposing the defineClass() method to create the class from a byte[].
If you're code's really *that* good then, as Jess said, you'd better patent it.
0
