2 Replies Latest reply: Apr 26, 2012 11:10 AM by morgalr

    What is the best way to distribute your swing application:

    kamal.java
      I have developed an application that connects to a database and contains the functionality to manage the invoices and receipts system, but I am scared to distribute it by building it into a jar using the NetBeans build option. It runs fine, but when I extract the jar file back I am scared that anyone can easily decompile it using JAD and get the database credentials. Please tell me the best way to distribute the application so that reverse engineering the application will not be possible. Please tell me that :(
        • 1. Re: What is the best way to distribute your swing application:
          DrClap
          Decompiling is unnecessary. All somebody would have to do would be to sniff the transmissions between your application and your database; the credentials are sent unencrypted.

          So the problem is not that somebody could find out the database credentials, the problem is that your database exposes itself to the internet. And if anybody does find the credentials through any method at all, then you've got a problem.

          And by the way if you distribute your application with the credentials hard-coded, then that makes it difficult for you to change the password if it does get compromised, because then nobody can use your application any more. This is a bad thing because one of the first things you should do when your system is compromised is to change the access password.

          So really the best way to distribute this application would be to write it so that it connects to an application which runs on your server. This server application would communicate with the database, which would make it unnecessary for the database to be visible from the internet. Your Swing application would communicate with the server application via some kind of web service protocol.
          • 2. Re: What is the best way to distribute your swing application:
            morgalr
            Dr Clap is exactly right... the only thing I would add is:

            If you think you can distribute anything in any format and have it secure, you are fooling yourself. Security is only an illusion that allows us to sleep at night and keeps the basically honest user from peeking at your code. If someone really wants your code, they will get it--obfuscation or any other scheme you come up with can and will be cracked, because all they have to do is use a spy and follow the execution or decompile it directly and play with it--nothing is secure once it leaves the privacy of your brain--security basically puts us on a modified honor system.

            Design everything with that in mind.
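
The design from reply 1, as an added example that is not code from any poster in this thread: a server-side gateway holds the database access, and the Swing client sends only a per-user token over HTTP. The class name, endpoint path, token values and the in-memory invoice map are assumptions made for the illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
public class InvoiceGateway {
    // Constructed stand-in for the database; a real server would query it via JDBC with a server-side-only password.
    static final Map<String, String> INVOICES = Map.of("1001", "{\"id\":1001,\"total\":\"250.00\"}");
    // Hypothetical per-user tokens: revocable one at a time, and none is the DB password.
    static final Map<String, String> TOKENS = Map.of("alice", "constructed-token-alice");

    static boolean tokenValid(String h) {
        if (h == null || !h.startsWith("Bearer ")) return false;
        byte[] got = h.substring(7).getBytes(StandardCharsets.UTF_8);
        return TOKENS.values().stream()
                .anyMatch(t -> MessageDigest.isEqual(got, t.getBytes(StandardCharsets.UTF_8)));
    }

    static HttpServer startServer() throws Exception {
        // Loopback, ephemeral port and plain HTTP for the demo; deploy behind TLS.
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/invoices/", ex -> {
            String id = ex.getRequestURI().getPath().substring("/invoices/".length());
            int code = 200;
            String body = INVOICES.get(id);
            if (!tokenValid(ex.getRequestHeaders().getFirst("Authorization"))) { code = 401; body = "unauthorized"; }
            else if (body == null) { code = 404; body = "not found"; }
            byte[] out = body.getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(code, out.length);
            ex.getResponseBody().write(out);
            ex.close();
        });
        s.start();
        return s;
    }

    // What the Swing client does instead of opening a JDBC connection.
    static HttpResponse<String> fetch(int port, String id, String token) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create("http://127.0.0.1:" + port + "/invoices/" + id))
                .header("Authorization", "Bearer " + token).build();
        return HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
    }

    public static void main(String[] args) throws Exception {
        HttpServer s = startServer();
        int port = s.getAddress().getPort();
        System.out.println(fetch(port, "1001", "constructed-token-alice").statusCode()
                + " / " + fetch(port, "1001", "guessed").statusCode());
        s.stop(0);
    }
}
```

Decompiling the client jar in this layout yields only the gateway URL; a leaked user token can be revoked on the server without shipping a new build.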