This content has been marked as final. Show 12 replies
you gotta kidding me ha!!!!!!!! LOL
ok just tell me "For case of java class library" how can i try to secure the code
In computer field- nothing is secure , still but u should try to bother to someone who trying to break something!!!
what i want is!!! "a one can only use my methods with passing parameters rather than see what i implement inside" just hint me.
The best you can do when you make the huge security flaw to allow your application to touch the client computer is to obfuscate your code so it becomes "unreadable" after decompilation. That is not going to stop people from breaking and entering if they really want to. The good news there is that people very likely won't give a hoot about your stuff and won't attempt to.
So what are these 'keys' used for that you are trying to protect? They wouldn't be passwords for a database would they? What is the impact (financial, etc) if some of your user's gain access to those keys? Is it the keys your worried about, or someone stealing your code (design)? If you describe your situation in more detail, someone may be able to help. Personally, I think a web application instead of a desktop application (assuming that's what you are doing) may be better since the code and any keys are back on the server, away from the clients.
Java may be easier to get back to source, but in reality, there is no "safe way" to release code, so you should never put anything in it that you don't want viewed. That does not mean that there isn't ways to make it harder to view the code. Obfuscation is one thing that can be done, but you can be guaranteed that anything you do to make the code "unreadable" can be undone. I used to delight in going over code, decompile it, or, at times, just fishing through the machine code bytes to see what was there.
I am one that subscribes to the idea that there is no such thing as security, anyone that really wants to break in or read a product or site is going to do it. It is a game we play as programmers that goes like this: how difficult can I make it so most people leave my site alone or do not steal my code? Once the idea comes out of your head, it's fair game for anyone that really wants to take the time and effort to steal it.
If you do not want people to have your code, do as already suggested: do not release it, make a webservice and have it hoasted on a site. Make multiple tiers of objects with your most sensitive being called with arguments from previous layers to allow them to do their jobs without the end user ever seeing it's there, where it's located, or really what it does--hide it, don't let the user see it.
I faced the same issue and I tried to secure my java code.
In that, I came across a technique called "obfuscation". By using this technique,ur code will be shrunk,class names, method names and variable names will be renamed and so the hackers cant get the data from your code.
There are many tools to do obfuscation in java. The efficient tool is proguard.
U can refer http://proguard.sourceforge.net/
It will be highly beneficial for you.
I agree with some posts above, recently deploying java as a service is a more popular approach. Not particularly because code security, but the maintenance and usability of the application.
Not long ago writing a Java Swing desktop application gained a bit of popularity but it's getting a bit outdated now.
If code security is really important and you couldn't find any other way to secure your code in Java, consider writing your code in C++ maybe?
Not long ago writing a Java Swing desktop application gained a bit of popularity but it's getting a bit outdated now.I think you're just pontificating aimlessly here. How long ago? How much popularity? Outdated how? Since when? By what?
If code security is really important and you couldn't find any other way to secure your code in Java, consider writing your code in C++ maybe?Speaking of outdated. The world these days is moving towards SaS: Software as a Service; albeit at a glacial pace.