Most secure way to protect jar loaded remotely
843811Jan 24 2010 — edited Jan 24 2010Hi guys,
following scenario:
I developed an application packed in a single jar. When you run this jar on a client's machine, it will connect to my server. So far so good.
Problem:
I could just copy that jar to the different client machines and run it (i.e. as a service), but I don't want ANYONE to have access to that jar, let's say because there is a sophisticated algorithm in it and I don't want that even my clients have access to the jar file itself.(Obfuscating in Java is not strong enough)
My idea:
this jar lies on a web server and I load this jar remotely using https from the client's machine by using a network class loader so I don't have to download it. Using client authentification I make sure only chosen clients can have access to it.
My question:
Is that architecture save enough? Is there a way to get access to that jar despite loading it directly into memory? Any recommendations for the safest way to protect that jar?
Thanks in advance!
Cheers
Tim