Originally posted by raj varma:
Hello ,
I have builed one swing application as per client specification. I giving this package as jar file and some directiries containing images. Now how do I put some securities in application, so that client can not sell or distribute that aplication to further any other person.
Please Help .
This is actually an easy question: you can't. Deep breath. Ah... That feels good, doesn't it? Remember, when you run an app on my machine,
I own the JVM.
Java provides a ton of security features and not a single one of them was designed to protect your code from me. (By the way, this is a good thing, not a bad thing)
If we can all accept that there is absolutely no technical solution to the problem, then you are in a position to consider technical solutions. Just remember that any technical solution is a deterent only. Ultimately, the security of whatever you are trying to protect is a matter of law, and that is the only real power you have.
So, what can you do? The real question is what are you trying to protect against? Do you think the customer wants to redistribute your application or are you just trying to be safe "just in case"? Are you afraid of them just sending the whole package over as is, "hey, here's a free copy of XYZ Pro 1.0", or are you afraid of them repackaging it as "ZYX Pro 2.0, for only half the price of XYZ 1.0"? What you want to protect against (specifically) and how much it is worth to you will dictate the ultimate solution.
Assumming you are willing to invest $$$ to "protect" your code, the biggest bang for your buck from a third party licensing system which clearly identifies the "owner" in the license. (You could attempt to write this yourself, but I strongly recommend against it. Even the "experts" have a hard time getting it right) The user can still redistribute the code, but only by incriminating himself or removing the licensing code. The latter is almost always trivial, but it requires an adversary who is actively trying to attack you. Your investment to stop a dedicated attacker will be MUCH greater, so you need to make sure that the value of what you are protecting is worth it.
It's hard to recommend anything more than that without knowing exactly what you are guarding against. If you post more specific concerns, it would definitely help everyone here to give more specific advice.