• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security in Java

 
Ranch Hand
Posts: 328
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Friends,
Very few days, i was looking at one decompiler for Java, through which one is able to see the java code if ".class" file is available.
I want to know is there any API or settings through which one can prohibit this decompilation.
I think in ".net framework" there is something Obfuscator tool & CodeAccess class to prevent this.


with best Regards
Shrinivas
 
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, there's nothing to prevent decompilation. However, you can use some third-party tools to obfuscate the code. Obfuscators generally only make your code difficult to read, that's all. It is still functional and can be traced. Anyone with enough determination could potentially make sense of obfuscated code.
 
author and iconoclast
Posts: 24207
46
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This has nothing at all to do with "security". "Intellectual property protection", maybe. But realize that all code, whether written in Java, C++, or assembler, can be decompiled and/or traced at runtime. It's never a good idea to base your company's financial well-being on a bet that no-one can understand your code.
 
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As Ernest said, anything (and that means anything) can be decompiled into something (not necessarilly the language it was created in though).
What you need to ask is whether the cost of making that decompilation harder is worth the potential benefit.
Usually the answer will be that it isn't.
 
Shrinivas Mujumdar
Ranch Hand
Posts: 328
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
Thanks for reply first of all, but the point is, if i own a company i will have a source code with me, but i do not want others to have a look at it.(i.e. i am not going for open source code), how i can do that?
Why some other languages support prvention of decompilation & Java is not supporting that?


with best regards
Shrinivas
 
Ranch Hand
Posts: 323
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Shrinivas Mujumdar:
Thanks for reply first of all, but the point is, if i own a company i will have a source code with me, but i do not want others to have a look at it.(i.e. i am not going for open source code), how i can do that?

Why some other languages support prvention of decompilation & Java is not supporting that?



i'm not entirely sure what you mean by "have a source code with me" in this question. if you mean that a piece of software you develop will be shipped to your customers with its .java source code files included, then decompilation will be the least of your worries.

i'm not too sure what you mean by "support prevention of decompilation", either. i know of some languages that try to make a decompiler's work slightly harder, but i know of no way to completely prevent decompilation - i think that is theoretically impossible, at least if you want your compiled code to be executable.

your best bet might be to rely on legal recourses, i'm afraid. technological measures, like obfuscating object code to make it trickier to decompile, aren't very good at limiting what human beings can do; the humans whose behaviour you're trying to control (whether they will decompile your program or not) are not very strongly bound by what their computers can or cannot do. if they want to decompile your code, and if this wish is strong enough in them, they can always find a way to do it - the force of the law can make them want it a bit less.
 
Ranch Hand
Posts: 1923
Scala Postgres Database Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Shrinivas, I guess you should compile a small class, and decompile it, and look at the code.
Then take a larger project, compile it and decompile it.

Take an obfuscator, and repeat both steps.

Normally I would prefer to rewrite an application from scratch, by observing its behaviour, than analizing decompiled code without comments.

And binary languages are decompilable too, afaik.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic