1000 Java Tips ebook
Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java
programming articles and tips. Please take your copy here.
Take your copy of free "Java Technology Screensaver"!.
I am going to use ''a code obfuscation'' to prevent it from stealing. Are there
JavaFAQ Home » Security
Question: I am going to use "a code
obfuscation" to prevent it from stealing. Are there some recommendations to make
my code even more protected?
Answer: Yes. Exist a few code obfuscation
products, one of them is JProof.
Personally, I think that this product is one of the best tools that you can find
To achieve maximum bytecode protection level you can use several techniques that
allow to do better protection with JProof:
- Make your methods and fields as much private as possible. Usually a lot of
stuff does not need to be accessed from the other classes. The good style is
to mark such stuff as private (by adding "private" modifier to the field or
method declaration). Additionally, this will little bit improve your
- If you can not make field or method private, try to make it "package".
Simply do not use any of public, private or protected modifiers in field or
method declaration statement, and they automatically will be marked as
"package" by Java compiler. Note that both public and protected members can be
referenced from the other packages.
- Minimize inter-package references. All of the inter-package interaction
should be performed via public interfaces and public classes.
- If some classes in package do not referenced from other packages, remove
the "public" modifier from their declarations. In this case, Java compiler
will mark these classes as "package", and JProof will be able to rename them
and hide their actual names. Note that non-public class can implement public
interfaces and publish some methods.
- Change direct field access to set/get methods access. Mark a field as
private and add two methods for getting and setting field. This will improve
protection within the class. You can leave usual (direct) field access for
"package" (no-modifier) fields.
- Implement "grouped" (joint) get/set methods where performance is not
critical and where you need to make the best protection. To do this, add new
method with one additional int parameter that will indicate which exactly
action need to be performed. Mark methods called from within it as private.
This will reduce the number of public methods. Sometimes this technique is
called as "join methods". It is possible to join methods with similar
signatures (not parameter names or sense) and add int "FnCode" parameter to
new method's signature.
- Use resource bundles to hold string constants. This will improve the
localizability of your software and will
make more difficult human reverse-engineering.
- Try to decompile your software yourself with all known Java
This will help you to ensure that you are protected from most of Java
decompilers. You can find a list of Java decompilers in the Decompilers
section of "More Info" FAQ.
You can find this tool at:
Our older tips: March 22, 2001 - October 21, 2002
All published and not published on the site tips read
Printer Friendly Page
Send to a Friend
Search here again if you need more info!