ObjectWeb Consortium
Search ObjectWeb Mail Archive: 

Advanced Search - Powered by Google

Mail Archive Home | oscar List | March 2006 Index

<--  Date Index  --> <--  Thread Index  -->

Re: [oscar] Disadvantages

While I completely agree that bytecode is easy to decompile, there are a couple of things you can do about that.

Most importantly, you can use an obfuscator to make sure the bytecode cannot be translated back into any meaningful form of Java source code. Of course you can always still "read the bytecode" but this is very similar to "reading assembly code" which makes Java as safe or unsafe as any other compiled language.

I can report that this is very achievable and works in practice - we have some commercially sensitive areas of our production application which are obfuscated. There's a few things you need to watch out for:

clearly, you dont't want top obfuscate any service / API classes that are intended for public use. It's perfectly workable to obfuscate OSGI Service classes that are only used internally though an extension of the above is to be careful not to obfuscate any methods used for remote API calls (e.g. XMLRPC methods), since they need to be known by name and found by reflection obfuscation needs to be the final step in your build process, and you need to obfuscate your Manifest headers for imports/exports too if you'ev obfuscated classes used across bundles

We found Zelix was flexible and configurable enough to meet all these needs - although I'm sure others might be up to the task too. The Manifest "munging" is the key part that is needed for OSGi use.


-- Rob

<--  Date Index  --> <--  Thread Index  -->

Reply via email to:

Powered by MHonArc.

Copyright © 1999-2005, ObjectWeb Consortium | contact | webmaster.