Secure

[Rabrg]

How would one secure a Java class?
As in; users download a class, used as a "script".
They can see the source files of the client,
where this script is added in, but I do not want them to be able to find the source file of this script.
Could there be a method in the Java API that enables the loading of scripts, from a database for a website, but does not save the class.
That way the users can't decompile the class file.

[Eranga]

What you mean by use it as a script? Can you explain it bit more.

[Tolls]

You're too paranoid.

[Rabrg]

Tolls, I'm selling it. I don't want anyone to get it and give it to their friends, or post it somewhere.

Eranga, its a small program that is used for a larger one.

[Eranga]

You're too paranoid.

Is that me?

[Tolls]

Tolls, I'm selling it. I don't want anyone to get it and give it to their friends, or post it somewhere.

And?

For starters your use of terminology doesn't fill me with confidence...classes as a "script"?

How are you deploying this?

Is it an Applet, Web Start, straight download/installer?

Whichever of the above, there will be class files downloaded onto the users machine, because otherwise it won't work.

If you knew Java well enough to write something good enough to warrant being paranoid about software theft then you would know that.

(Not you, Eranga...:))

[Eranga]

As you have several question to OP, I'm worried that what really means by scripts. No explanation at all.

[Rabrg]

Totally ignore the word 'script'. My thing is a small program.

[Tolls]

OK.

You have a small program...how do you distribute it?
How does it run?
That was the second question.

[Eranga]

And what kind of, desktop or a web based?

[Rabrg]

Desktop. /Ten chars

[Tolls]

You do realise you are essentially asking if it's possible to download and run a program without downloading the compiled code?

The only way to avoid having code on the client machine is by having the client simply as a front end that accesses a server that does all the work.

[Rabrg]

My friend just did it.

[Tolls]

Then ask him how.
Because I'll guarantee that to run a desktop program on your system will involve the class files being there somewhere, unless you have created an exe in which case there will be code that is still decompileable to some extent.

[neilcoffey]

As @Tolls says, whatever fancy scheme you come up with, the class files will always be there in some shape or form at the end of the day.

The usual way to protect a Java program (which does it to some limited degree) is to use an obfuscator. This generally provides fairly poor protection on short programs and moderate protection against casual hackers on larger programs. At the end of the day, there's nothing you can do to prevent a determined enough person from reverse-engineering your program-- the idea is to make it difficult enough that for most people it's more viable to buy your program than hack it.

[Tolls]

Or provide something else of value other than the straight code.

[xael]

Could you obfuscate it? Just a thought, I don't actually know how to though. =]

[Prajin]

Here is something very interesting, read it
obfuscator : Java Glossary

-Regards

[Tolls]

1, 2 and 3 are really quite important in that list...I suspect a lot of people suffer from 1.
:)

[Emperor]

You do realise you are essentially asking if it's possible to download and run a program without downloading the compiled code?

The only way to avoid having code on the client machine is by having the client simply as a front end that accesses a server that does all the work.

Simple; URLClassLoader.

You host the class files on a simple URL, make it unaccessable by your users, and load the class using the URLClassLoader.

You call him a beginner, but you haven't heard of the URLClassLoader yet?