How i deploy Java application securly

Printable View

02-06-2002, 12:47 PM
anvar

How i deploy Java application securly

hi everybody,
I hope any one of u can help me. Because this is my last resort.
My problem is describing below.
I have created a java application(Stand alone). I have to install that into
a machine. When I am installing any how i have to copy all .class files to
the system. When I am copying, how will I secure those files. Means if a
person knows where the class files is loaded, he can declompile the application,
that will gives the original source code, and he can make changes into that
and recopy. This will spoil the application. So how I secure the class files
from the external access.

thanks for ur time.
02-06-2002, 06:47 PM
Kent

Re: How i deploy Java application securly

Hi Anvar,

You can use a signed JAR file. This is a JAR file that is specially signed
and "sealed". Any changes to content within the JAR file without resigning
render the JAR useless. You need to use the JDK tool called jarsigner to
achieve this (see JDK security tool documentation for more info).

I've never used this myself but I think it is what you're after. However,
and maybe someone else can answer this, is it not possible to unzip the files,
make changes and then modify the classpath the Java app is running against?

Regards,
Kent

"anvar" <anvar_k@angelfire.com> wrote:
>
>hi everybody,
>I hope any one of u can help me. Because this is my last resort.
>My problem is describing below.
>I have created a java application(Stand alone). I have to install that into
>a machine. When I am installing any how i have to copy all .class files
to
>the system. When I am copying, how will I secure those files. Means if a
>person knows where the class files is loaded, he can declompile the application,
>that will gives the original source code, and he can make changes into that
>and recopy. This will spoil the application. So how I secure the class files
>from the external access.
>
>thanks for ur time.
02-07-2002, 07:43 AM
MarkN

Re: How i deploy Java application securly

You need an obfuscator. Not sure of any free ones. One for sale is Dash
O
(www.preemptive.com)

The answer to Kent's question is yes, if you have/can get the source.

Mark

"Kent" <kb@essential.com.au> wrote:
>
>Hi Anvar,
>
>You can use a signed JAR file. This is a JAR file that is specially signed
>and "sealed". Any changes to content within the JAR file without resigning
>render the JAR useless. You need to use the JDK tool called jarsigner to
>achieve this (see JDK security tool documentation for more info).
>
>I've never used this myself but I think it is what you're after. However,
>and maybe someone else can answer this, is it not possible to unzip the
files,
>make changes and then modify the classpath the Java app is running against?
>
>Regards,
>Kent
>
>"anvar" <anvar_k@angelfire.com> wrote:
>>
>>hi everybody,
>>I hope any one of u can help me. Because this is my last resort.
>>My problem is describing below.
>>I have created a java application(Stand alone). I have to install that
into
>>a machine. When I am installing any how i have to copy all .class files
>to
>>the system. When I am copying, how will I secure those files. Means if
a
>>person knows where the class files is loaded, he can declompile the application,
>>that will gives the original source code, and he can make changes into
that
>>and recopy. This will spoil the application. So how I secure the class
files
>>from the external access.
>>
>>thanks for ur time.
>
02-10-2002, 11:15 PM
Dave

Re: How i deploy Java application securly

"MarkN" <mnuttall@nospam.com> wrote:
>
>You need an obfuscator. Not sure of any free ones. One for sale is Dash
>O
>(www.preemptive.com)
>
>The answer to Kent's question is yes, if you have/can get the source.
>
>Mark
>
>
>"Kent" <kb@essential.com.au> wrote:
>>
>>Hi Anvar,
>>
>>You can use a signed JAR file. This is a JAR file that is specially signed
>>and "sealed". Any changes to content within the JAR file without resigning
>>render the JAR useless. You need to use the JDK tool called jarsigner to
>>achieve this (see JDK security tool documentation for more info).
>>
>>I've never used this myself but I think it is what you're after. However,
>>and maybe someone else can answer this, is it not possible to unzip the
>files,
>>make changes and then modify the classpath the Java app is running against?
>>
>>Regards,
>>Kent
>>
>>"anvar" <anvar_k@angelfire.com> wrote:
>>>
>>>hi everybody,
>>>I hope any one of u can help me. Because this is my last resort.
>>>My problem is describing below.
>>>I have created a java application(Stand alone). I have to install that
>into
>>>a machine. When I am installing any how i have to copy all .class files
>>to
>>>the system. When I am copying, how will I secure those files. Means if
>a
>>>person knows where the class files is loaded, he can declompile the application,
>>>that will gives the original source code, and he can make changes into
>that
>>>and recopy. This will spoil the application. So how I secure the class
>files
>>>from the external access.
>>>
>>>thanks for ur time.
>>
>

There are a number of obfuscator tools around, a keyword search on the web
will turn them up. We've recently looked at a number of them, and are now
working with one called KlassMaster....