• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to "lock" a jar

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there a way to "lock" a jar file? My coder has used javafx to create an app.

thank you.
Jeff
email: jklamer@att.net
 
Sheriff
Posts: 5555
326
IntelliJ IDE Python Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Define "lock"?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thank you for your reply,,,,,what i mean is that I/we do not want anyone to have access to the files contained within the jars for our two apps written using Java. We do not want anyone to know how our app was coded nor allow anyone to change the code.

Is this possible? If so, how can my coder do this? thank you.
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Would you want Java's system classloader to be able to access the classes in the jar, so that the app could be run?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
well, we just want the apps to run,,,,,without the contents being divulged.
Is this possible? and, is it possible to not let people modify the code?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?
 
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeff Klamers wrote:
Is this possible? and, is it possible to not let people modify the code?



Depends. Do you want to guaranteed secrecy? Or do you just want to slow them down a bit?

For the former, no, it is not possible. For the latter, yes, you have a few options to slow them down.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i would like to protect our codes
so people cannot just right click on jar file and extract
nor modify code if this is possible, but the jar would still be runnable.

thanks.
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
what are the options regarding slowing people down?
 
Henry Wong
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeff Klamers wrote:what are the options regarding slowing people down?



Well, you kinda have two options that comes to mind.

One. You can obfuscate the class files. In this case, if someone tries to decompile the class files, it still creates Java code -- but the Java code has issues, which has to be repaired somewhat. It is also very difficult to read the decompiled source.

Two. You can compile it with an AOT (ahead of time) compiler. This will change (or wrap) your Jar file into an .exe file. And unfortunately, this will also remove your platform independence too... but regardless, this should make it harder to decompile.


Anyway, I recommend google of "Java Obfuscation" and "Java AOT" for more information.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok, thank you, Henry
 
Henry Wong
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeff Klamers wrote:can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?



Interesting. Never heard of this option -- so, no opinion.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok, thank you Henry.
 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Henry Wong wrote:

Jeff Klamers wrote:can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?



Interesting. Never heard of this option -- so, no opinion.

Henry


From what I've quickly read, it requires the JarProtector runtime to be used on top of the JVM, because what you've got aren't JAR files, but encrypted JAR files which they call CAR files. That adds a layer of security, but also extra work for the end-user - they will need to download and install another piece of software.
 
Saloon Keeper
Posts: 15510
363
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The bottom line is no. It's theoretically impossible to make code readable to a machine and unreadable to a human. All you can do is make it harder to read. Obfuscation and encryption have already been mentioned, but these are reversible processes.

The only way to keep your code out of the hands of a user to to never distribute it. This is how web applications work. Code is being executed on a server where users don't have access to it, and you only give them the execution results.
 
Bartender
Posts: 1357
39
IBM DB2 Netbeans IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Web Applications way of working mentioned by Stephan may also be replicated, with some efforts, for desktop application using Java FX.
You can put all the complex business logic on the server side and expose it as services. This doesn't protect your client code, but even with decompilation one would get only an half of the whole application - quite useless.
By the way, event HTML+CSS+JavaScript stuff in a web page isn't "protected": your browser allows you to show page source code, but as Stephan noted since all the relevant part of the business logic is done on the server side, such hacking is useless.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic