Java Code Security [duplicate]

Question

This question already has answers here:

Closed 8 years ago.

Possible Duplicate:
Do you obfuscate your commercial Java code?

Is there any way other then obfuscation to protect jars from being opened by someone else? The thing is that I don't want anyone to access the code, which is why I don't prefer Java. From the decompilers I used, programs made in C# and Java have EVERYTHING like the names of the variables intact which would make it easy to get access to programs that are not free. Worse, give out the source code.

Answer 1

Most of these points are covered by comments above, but I'll expand on them a bit here:

If your code is running on the user's machine, the user can decompile your code. It doesn't matter what language it is. Java, C, whitespace, brainfuck, it doesn't matter. If the code runs on a computer, a human can read it. Even if you make your own homebrew language and compiler, the compiled code is still going to be a sequence of standard machine instructions, which decompilers will handily turn into readable code in C or whatever language you like.

No exceptions. Forget about it.

But there are ways to get what you want: protecting some secret business logic. An easy way to do this would be to place the business logic on your own machine and expose it with a web service. The user can still see the client requests and service responses but otherwise your logic is a black box.

You could also make your own machines, lock them down, and distribute them to users. Be aware that although this is possible, it's technically quite difficult to do correctly (think of all the hacked gaming consoles and smartphones), and will significantly increase the cost of your service.

Answer 2

As far as I know, jar files (generated with NetBeans) may contain only .class files, which are Java bitecode, not source code. I don't know if there's a way to reverse-engineer a .class file, but it has very little ASCII usable text.