5

Possible Duplicate:
Do you obfuscate your commercial Java code?

Is there any way other then obfuscation to protect jars from being opened by someone else? The thing is that I don't want anyone to access the code, which is why I don't prefer Java. From the decompilers I used, programs made in C# and Java have EVERYTHING like the names of the variables intact which would make it easy to get access to programs that are not free. Worse, give out the source code.

Community
  • 1
  • 1
  • There isn't. If the JRE can open it, so can anyone. – John Dvorak Dec 22 '12 at 07:23
  • 4
    put the secure code and logic on your server – jmj Dec 22 '12 at 07:24
  • *"The thing is that I don't want anyone to access the code, which is why I don't prefer Java."* It's possible in any language. Easier, and more legal, is to give testing staff the task to describe the inputs and outputs, and the programming team the job to create a better version. They would neither need or want to look at the code for any part of that, unless it uses a truly non-intuitive algorithm. If that is the case, move that part to the server-side, as mentioned by @JigarJoshi. – Andrew Thompson Dec 22 '12 at 07:50
  • @AndrewThompson Do you know of any good decompiler for C++? – John Dvorak Dec 22 '12 at 07:58

2 Answers2

5

Most of these points are covered by comments above, but I'll expand on them a bit here:

If your code is running on the user's machine, the user can decompile your code. It doesn't matter what language it is. Java, C, whitespace, brainfuck, it doesn't matter. If the code runs on a computer, a human can read it. Even if you make your own homebrew language and compiler, the compiled code is still going to be a sequence of standard machine instructions, which decompilers will handily turn into readable code in C or whatever language you like.

No exceptions. Forget about it.

But there are ways to get what you want: protecting some secret business logic. An easy way to do this would be to place the business logic on your own machine and expose it with a web service. The user can still see the client requests and service responses but otherwise your logic is a black box.

You could also make your own machines, lock them down, and distribute them to users. Be aware that although this is possible, it's technically quite difficult to do correctly (think of all the hacked gaming consoles and smartphones), and will significantly increase the cost of your service.

0

As far as I know, jar files (generated with NetBeans) may contain only .class files, which are Java bitecode, not source code. I don't know if there's a way to reverse-engineer a .class file, but it has very little ASCII usable text.

Barranka
  • 20,547
  • 13
  • 65
  • 83
  • It's quite easy to reverse-engineer a `.class` file no a near-original source code. In fact, _most_ of its volume is ASCII - the full names of all dependent classes. – John Dvorak Dec 22 '12 at 07:57