File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Java in General and the fly likes Protecting Code Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Protecting Code" Watch "Protecting Code" New topic

Protecting Code

Tyler Jordan
Ranch Hand

Joined: Nov 17, 2003
Posts: 70
I've been looking around for a way to protect my source code from being extracted from the jar and decompiled. I have found some obfuscators, but am unaware of which one to use. Does anyone have a suggestion on obfuscators or of a better way to protect code? I understand that nothing is 100%, but I'd at least like to make a thief work for it.
M Beck
Ranch Hand

Joined: Jan 14, 2005
Posts: 323
in my humble opinion, the best way to keep your source code from being misappropriated is to hire a lawyer. after all, your problem is a legal and social one — you want to stop people from engaging in certain antisocial behavior which is, generally, also illegal — so it's only logical that the best remedies should also be social and legal, not technological.

the second best is to ensure your opposition has nothing to decompile. make your application server-side only, and make sure you control the application server. nobody can de-obfuscate a .jar file they can't even get at.

somewhere down below that — i'm unsure if there are any further options in between or not; there might well be — comes the option of using the best obfuscator you can find. of course, you'll have to figure out which one that is. here, i recommend evaluating obfuscators by trying to break them. look at their obfuscated output, and apply some effort, ingenuity and Perl code; try to straighten it out to something recognizable. ideally, have two or three people noticeably smarter than yourself do this for you, unless you can be certain that none of your opponents will ever be any more intelligent than you are. pick the obfuscator that makes reversing its actions the hardest.

but really, i consider that option rather a poor one. it's a technological band-aid on a problem that's not technological in nature; it's trying to do something fundamentally impossible, namely, make unreadable code which the machine must be able to read in order to execute it; and it's trying to use a computer to outsmart a human being, a problem that is necessarily AI-complete. unless you're sure you have no better options, i really would not recommend it.
I agree. Here's the link:
subject: Protecting Code
It's not a secret anymore!