Hi, I've been looking around for a way to protect my source code from being extracted from the jar and decompiled. I have found some obfuscators, but am unaware of which one to use. Does anyone have a suggestion on obfuscators or of a better way to protect code? I understand that nothing is 100%, but I'd at least like to make a thief work for it. Thanks!
in my humble opinion, the best way to keep your source code from being misappropriated is to hire a lawyer. after all, your problem is a legal and social one — you want to stop people from engaging in certain antisocial behavior which is, generally, also illegal — so it's only logical that the best remedies should also be social and legal, not technological.
the second best is to ensure your opposition has nothing to decompile. make your application server-side only, and make sure you control the application server. nobody can de-obfuscate a .jar file they can't even get at.
somewhere down below that — i'm unsure if there are any further options in between or not; there might well be — comes the option of using the best obfuscator you can find. of course, you'll have to figure out which one that is. here, i recommend evaluating obfuscators by trying to break them. look at their obfuscated output, and apply some effort, ingenuity and Perl code; try to straighten it out to something recognizable. ideally, have two or three people noticeably smarter than yourself do this for you, unless you can be certain that none of your opponents will ever be any more intelligent than you are. pick the obfuscator that makes reversing its actions the hardest.
but really, i consider that option rather a poor one. it's a technological band-aid on a problem that's not technological in nature; it's trying to do something fundamentally impossible, namely, make unreadable code which the machine must be able to read in order to execute it; and it's trying to use a computer to outsmart a human being, a problem that is necessarily AI-complete. unless you're sure you have no better options, i really would not recommend it.