- 3,735,154 Users
- 2,247,123 Discussions
- 7,857,751 Comments
Forum Stats
Discussions
Howdy, Stranger!
Categories
- 381K All Categories
- 2.1K Data
- 203 Big Data Appliance
- 1.9K Data Science
- 446.2K Databases
- 220.5K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 23 Multilingual Engine
- 507 MySQL Community Space
- 459 NoSQL Database
- 7.7K Oracle Database Express Edition (XE)
- 2.8K ORDS, SODA & JSON in the Database
- 438 SQLcl
- 3.9K SQL Developer Data Modeler
- 185.4K SQL & PL/SQL
- 20.8K SQL Developer
- 291.4K Development
- 6 Developer Projects
- 117 Programming Languages
- 288.1K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.2K Java
- 18 Java Learning Subscription
- 36.9K Database Connectivity
- 149 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.7K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 12 Java Essentials
- 139 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 195 Java User Groups
- 22 JavaScript - Nashorn
- Programs
- 181 LiveLabs
- 34 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 165 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 225 Portuguese
what securing code is hard!!
Hi
im a new project manager supervising the development of a javafx desktop application, iv made the choice considering the java xplateforme benefits especially on low dev costs .
i discovered that securing the code is a very ( and very) hard task. according to my team and my googling research result, its impossible to deny access to your code , even obfuscating the jar.
IS IT POSSIBLE ???? I CANT BELIEVE that ! if real, what meanful the speaking on security on java is ? hope find a response to that .. in instance thanks a lot
Answers
-
Aykut,
Since Java runs on the JIT (just in time compiler) your code has to be readable and since it translates down to byte code, it has to be read by the JVM at execution time. So you are left to work within that framework. You can make it more difficult to steel your code, but you are talking about an open system you have chosen to use in development, it rubs against the basic philosophy of Java.
So you enter the what I call they why Bother Zone of application development. Obfuscate or not to obfuscate, that is the question. I did an exercise purely for my own curiosity sake and reverse engineered an obfuscated project. It took more time, but was very doable. So you can make it harder to get to an understanding of your source by reverse engineering. Egh.
You can get a program to give you an EXE out and lose all the niceties of being able to run anywhere there is a supporting JVM. Again I say: egh.
Another approach is to do Enterprise level Java solution and host your project on the web, so your client does not get you system, just some HTML interfacing produced by your web service. Well... egh.
Security it a billion dollar a year industry and hiding your code behind bulletproof inscriptions and locks can be far more expensive than the original development. So Open Source has sprung up and is alive and well. Use it, abuse it, make it, break it... pay for support and make us rich.
I choose the latter where the client pays for support: installation and yearly support licensing and etc.