Reputation: 9189
protecting applet code against hackers
I have a Java application that I am considering releasing over the web as an applet. I am concerned about java-savvy end users being able to somehow view the source code, given that my web server would be sending the code to their remote jvm when they try to use the applet.
What precautions can be taken to ensure that end users are never able to directly view source code of an applet?
I am hoping that release as an applet might somehow protect the privacy of the code more than releasing an application with downloadable jars that the user could just unzip. Is this true?
Upvotes: 0
Views: 302
Answers (3)
Reputation: 37845
As a Jar is essentially just a zip file in disguise there's not really a way to keep people from viewing the source code. There are lots of decompilers available for Java classes. Most developers that are concerned about end-users decompiling the source code use an obfuscater to make the code more or less unreadable or at least difficult to understand.
Sorry there is not really a good answer to the question, it is just the nature of the Java language that you can always decompile the source code.
There are options like wrapping a Java application in an executable that will make it more difficult to access the Jar itself but obviously you can't do this for an applet.
Here's a (company) blog post on the topic of converting Java to an executable: http://www.excelsior-usa.com/articles/java-to-exe.html
Pulled from an SO thread also on the topic: How can I convert a JAR file to an EXE file?
Upvotes: 2
Reputation: 5137
If somebody really wants your code, they'll get it. The best you can do is try to make it more difficult. As others have stated, a typical approach is to use a code obfuscator.
If you're using Maven to build your project you can use the proguard-maven-plugin from the maven central repository.
But since you're considering releasing it as an applet, if you can have any functionality running on server side code, you can go a lot farther towards securing your code base.
Upvotes: 0
Reputation: 3543
You could use some of the available open-source code obfuscators (many people recommend using ProGuard, not only for obfuscating but also code minimization).
Upvotes: 0
Related Questions
- Alternative technologies to replace applet?
- Java Applet Security Issues
- How do I prevent people from hacking my applet?
- How to prove a Applet is safe?
- Prevent users from downloading and using my Java applet manually
- Create JavaApplet without ask for security warning
- Java security vulnerability for basic applet
- Applet security setting?
- Applet Security
- What security can be added to Java Applets?