Re: encrypted source file support in jdk?
Daniel Dyer wrote:
On Thu, 27 Sep 2007 13:17:55 +0100, Tom Forsmo <tom@nospam.org> wrote:
- if class files are also encrypted
This is a common suggestion for protecting class files but it won't work
(see
http://www.javaworld.com/javaworld/javaqa/2003-05/01-qa-0509-jcrypt.html).
Not quite, the scenario described in that article is for when you sell a
binary and want to protect the binary. Of course, that would not work
because the users must have the password to decrypt the files in the
classloader and of course anybody can listen in if they have the password.
My scenario is for protecting source/class files where only a limited
number of people have access to it, such as for internal use during
development of a new product etc. or if you dont sell the code, but
sell a web service that only you provide. In such situations class files
can be protected on the server with this scheme.
But you will allways have the problem of protecting the machine from
directed hacking, so they can not tamper with your rt environment or
similar. but that is allways a concern. If they have root access its
difficult to protect from anythin, unless you start using ACLs and
role-based security (used in military systems).
regards
tom