Java SecurityManager - secure code before modification in runtime

Question

I have java application and I thinking about security. I can obfuscate code but I can still "steal" code from memory or modify code in runtime using for example javassist. I looking for SecurityManager to protect my code before modify and get code from memory by another java application. Someone know how how use SecurityManager for this example or knows better solution?

Answer 1

A SecurityManager does the opposite of what you are trying to do. It protects the user's machine against the potentially harmful effects of running untrusted code. You are trying to protect the code against the user.

There is no real solution that will 100% protect your code. If the code executes on the user's machine, it can be stolen, and (with skill and effort) reverse engineered. This is true for all programming languages.

Basically, if the user controls the platform they can access stuff in a running applications memory, and you cannot stop this. In the case of Java, they can also disable any security managers, attach agents, and ... basically override any security controls that you might want to impose. It is >>their<< platform.

The best you can hope to do is to make it too hard for someone without the necessary reverse engineering skills and time.

And if the code is that precious ... only run it on >>your<< hardware in >>your<< data centre, etc.