Jars and .class files - security of the source code
Hi,
I have an app that is in a jar file with the .class files (so no source code).
I'm wondering how difficult it is to attain the source code from these .class files in my jar? Looking through the contents of the .class files it seems there is a large amount of readable text. For example I see method names, variables, etc.
This leads me to believe these jars are not secure. What is a better way?
Thanks!
Edit:
Looking around, I've noticed many java decompilers and Sun even supports a dissembler - javap. I think this is not cool, haha.
What way can I protect my code? To me, the value of java just went way down due to the ease at attaining source code (based on what I read in the past hour or so. I have yet to try it myself). I wonder if this impacts companies reasons not to use java?
Edit 2:
I heard that there may be a way to make the jar closed, so you can't say, use winrar, to extract the class files. Does anyone know anything about this?
Message was edited by:
dayrinni
Message was edited by:
dayrinni
[1107 byte] By [
dayrinnia] at [2007-11-27 9:17:50]
# 1
> Hi,
>
> I have an app that is in a jar file with the .class
> files (so no source code).
>
> I'm wondering how difficult it is to attain the
> source code from these .class files in my jar?
> Looking through the contents of the .class files it
> seems there is a large amount of readable text. For
> example I see method names, variables, etc.
>
> This leads me to believe these jars are not secure.
> What is a better way?
>
> Thanks!
>
> Edit:
> Looking around, I've noticed many java decompilers
> and Sun even supports a dissembler - javap. I think
> this is not cool, haha.
>
> What way can I protect my code? To me, the value of
> java just went way down due to the ease at attaining
> source code (based on what I read in the past hour or
> so. I have yet to try it myself). I wonder if this
> impacts companies reasons not to use java?
All intellectual property stored in electronic form is vulnerable. Not just Java bytecode. You can use tools called obfuscators to make decompiling more difficult, which is usually good enough. The truth is, no matter how great you think your code is, it's of a lot less interest to others than you actually think. Unless you've got a particularly sexy argorithm or something, it's not really worth worrying too much about
All you can do is make it more difficult for people to crack things, never prevent it. True of all languages, all electronic media
