posted 18 years ago
Interesting article. But it supposes that unencrypted classes are available, which is the case only if the password has been entered (because otherwise no attempts would be made to unencrypt the classes). A determined attacker would buy a license, get a key, and be able to access the bytecode. For against a casual attacker -who might do this in order to avoid paying license fees- the scheme does add additional security. But as you point out, obfuscation should definitely be used as well.
[ June 11, 2006: Message edited by: Ulf Dittmer ]