0

I have a spring based workflow system where the java plugins are uploaded and kept in jar format, they are referred and used by the jar file. However, I have seen that jar file is very easy to decompile and it is a security risk.

I tried obfuscation as well. I want to run exe so that it is run at byte code so it is very very hard to reverse engineer.

Saeed Hassanvand
  • 931
  • 1
  • 14
  • 31
Awais Ahmad
  • 378
  • 1
  • 4
  • 17
  • Alternatively: [How to lock compiled Java classes to prevent decompilation?](https://stackoverflow.com/questions/49379/how-to-lock-compiled-java-classes-to-prevent-decompilation) – Ben Oct 31 '18 at 06:08
  • @Ben from this above article, I wanted to explore the third option but cannot understand how to perform it. – Awais Ahmad Oct 31 '18 at 06:25

1 Answers1

1

You could use ProGuard as optimizer and obfuscator.

ProGuard also has a maven plugin that you can use it in the build process.

Saeed Hassanvand
  • 931
  • 1
  • 14
  • 31
  • thanks for the reply but i am trying to avoid ofuscation as it can be reversed easily. I am looking for a byte code level execution. – Awais Ahmad Oct 31 '18 at 06:49
  • This question that obfuscation how much can help code security and preventing it from being decompiled is related to the power of obfuscator. For example look at this link https://www.guardsquare.com/en/products/dexguard – Saeed Hassanvand Oct 31 '18 at 07:03
  • This is for Android, I need it for java maven plugins. Thanks though. – Awais Ahmad Oct 31 '18 at 08:10
  • [DashO](https://www.preemptive.com/products/dasho/overview) supports non-Android Java, on a variety of platforms, and has much stronger protection than ProGuard. (Full disclosure, I work for the company that makes DashO.) – Nathan Arthur Oct 31 '18 at 13:00