wood burning stoves 2.0*
The moose likes Java in General and the fly likes Password protection for JAR files Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Password protection for JAR files" Watch "Password protection for JAR files" New topic
Author

Password protection for JAR files

kundan vyas
Greenhorn

Joined: Jun 22, 2000
Posts: 5
Can some one tell me a way to make a JAR file password protected.I wanna stop any unauthorized user from extracting the contents of a JAR file?
If yes,could you send me the exact command with arguments?


kundanvyas@yahoo.com
Cindy Glass
"The Hood"
Sheriff

Joined: Sep 29, 2000
Posts: 8521
Your best bet is probably to obfucate the class files in the jar. Do a google search on obfucators.


"JavaRanch, where the deer and the Certified play" - David O'Meara
kundan vyas
Greenhorn

Joined: Jun 22, 2000
Posts: 5
Cindy, i have already checked out a lot of ways to stop decompilation of .class files.I wuz specific about the
password protection (signing) feature of JAR files.It would be kind of you
if you could give me some info on this topic.
------------------
kundanvyas@yahoo.com
[This message has been edited by kundan vyas (edited September 12, 2001).]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Signing is not the same as obfuscation or restricting access to JARs.
As Cindy said, obfuscation will 'mess up' the Java byte code in each class so that they are less likey to able to be decompiled.
Restricting access implies encrypting a JAR, I suppose there may be a custom ClassLoader util out there that wraps the JAR in an encryption package and requires some authorization before the JAR can be decrypted - Anyone?
Signing is different again. It is a way of convincing the user that the JAR you are sending them is actually the JAR they are meant to receive from you.
Imagine this scenario: you ask for a JAR from an external source, but someone in the middle stops the JAR and swaps it for their own. When you run the JAR it could do anything they wanted. Signing allows the original JAR owner to uniquely 'sign' the JAR so that it MUST come from that person, and it MUST be the JAR they intended to send.
Or as far as I remeber, been a couple of years.
Anyone have any idea on the Encrypting ClassLoader? I think I like that idea...
Dave.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Password protection for JAR files
 
Similar Threads
How to provide password to the prompt through Java
Secure your source code from third party?
Getting database connection remotely
Unable to execute jar file....got following stack trace.
Plz help me Regading WAS 5.0 Urhgent.....