• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Password protection for JAR files

 
kundan vyas
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can some one tell me a way to make a JAR file password protected.I wanna stop any unauthorized user from extracting the contents of a JAR file?
If yes,could you send me the exact command with arguments?
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your best bet is probably to obfucate the class files in the jar. Do a google search on obfucators.
 
kundan vyas
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cindy, i have already checked out a lot of ways to stop decompilation of .class files.I wuz specific about the
password protection (signing) feature of JAR files.It would be kind of you
if you could give me some info on this topic.
------------------
kundanvyas@yahoo.com
[This message has been edited by kundan vyas (edited September 12, 2001).]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Signing is not the same as obfuscation or restricting access to JARs.
As Cindy said, obfuscation will 'mess up' the Java byte code in each class so that they are less likey to able to be decompiled.
Restricting access implies encrypting a JAR, I suppose there may be a custom ClassLoader util out there that wraps the JAR in an encryption package and requires some authorization before the JAR can be decrypted - Anyone?
Signing is different again. It is a way of convincing the user that the JAR you are sending them is actually the JAR they are meant to receive from you.
Imagine this scenario: you ask for a JAR from an external source, but someone in the middle stops the JAR and swaps it for their own. When you run the JAR it could do anything they wanted. Signing allows the original JAR owner to uniquely 'sign' the JAR so that it MUST come from that person, and it MUST be the JAR they intended to send.
Or as far as I remeber, been a couple of years.
Anyone have any idea on the Encrypting ClassLoader? I think I like that idea...
Dave.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic