Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to "lock" a jar

 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a way to "lock" a jar file? My coder has used javafx to create an app.

thank you.
Jeff
email: jklamer@att.net
 
Tim Cooke
Sheriff
Pie
Posts: 3206
142
Clojure IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Define "lock"?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you for your reply,,,,,what i mean is that I/we do not want anyone to have access to the files contained within the jars for our two apps written using Java. We do not want anyone to know how our app was coded nor allow anyone to change the code.

Is this possible? If so, how can my coder do this? thank you.
 
Paul Clapham
Sheriff
Posts: 21572
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Would you want Java's system classloader to be able to access the classes in the jar, so that the app could be run?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well, we just want the apps to run,,,,,without the contents being divulged.
Is this possible? and, is it possible to not let people modify the code?
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?
 
Henry Wong
author
Marshal
Pie
Posts: 22113
88
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeff Klamers wrote:
Is this possible? and, is it possible to not let people modify the code?


Depends. Do you want to guaranteed secrecy? Or do you just want to slow them down a bit?

For the former, no, it is not possible. For the latter, yes, you have a few options to slow them down.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i would like to protect our codes
so people cannot just right click on jar file and extract
nor modify code if this is possible, but the jar would still be runnable.

thanks.
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what are the options regarding slowing people down?
 
Henry Wong
author
Marshal
Pie
Posts: 22113
88
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeff Klamers wrote:what are the options regarding slowing people down?


Well, you kinda have two options that comes to mind.

One. You can obfuscate the class files. In this case, if someone tries to decompile the class files, it still creates Java code -- but the Java code has issues, which has to be repaired somewhat. It is also very difficult to read the decompiled source.

Two. You can compile it with an AOT (ahead of time) compiler. This will change (or wrap) your Jar file into an .exe file. And unfortunately, this will also remove your platform independence too... but regardless, this should make it harder to decompile.


Anyway, I recommend google of "Java Obfuscation" and "Java AOT" for more information.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok, thank you, Henry
 
Henry Wong
author
Marshal
Pie
Posts: 22113
88
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeff Klamers wrote:can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?


Interesting. Never heard of this option -- so, no opinion.

Henry
 
Jeff Klamers
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok, thank you Henry.
 
Rob Spoor
Sheriff
Pie
Posts: 20751
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Henry Wong wrote:
Jeff Klamers wrote:can this be used: http://www.bfa-it.com/?lang=en&id=products/jarprotector

to accomplish what we are after?


Interesting. Never heard of this option -- so, no opinion.

Henry

From what I've quickly read, it requires the JarProtector runtime to be used on top of the JVM, because what you've got aren't JAR files, but encrypted JAR files which they call CAR files. That adds a layer of security, but also extra work for the end-user - they will need to download and install another piece of software.
 
Stephan van Hulst
Bartender
Pie
Posts: 6503
83
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The bottom line is no. It's theoretically impossible to make code readable to a machine and unreadable to a human. All you can do is make it harder to read. Obfuscation and encryption have already been mentioned, but these are reversible processes.

The only way to keep your code out of the hands of a user to to never distribute it. This is how web applications work. Code is being executed on a server where users don't have access to it, and you only give them the execution results.
 
Claude Moore
Ranch Hand
Posts: 829
7
IBM DB2 Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Web Applications way of working mentioned by Stephan may also be replicated, with some efforts, for desktop application using Java FX.
You can put all the complex business logic on the server side and expose it as services. This doesn't protect your client code, but even with decompilation one would get only an half of the whole application - quite useless.
By the way, event HTML+CSS+JavaScript stuff in a web page isn't "protected": your browser allows you to show page source code, but as Stephan noted since all the relevant part of the business logic is done on the server side, such hacking is useless.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic