Tags: java, war, obfuscation, deobfuscation

Is it safe obfuscating with opensource tools?


I am currently working on obfuscating my code and I will be using free tools to obfuscate my code. The code is in Java and I want to keep the code secure as I will be providing a war file to the client.

My question is whether it is safe to obfuscate using an open-source tool, or whether there is any other way to obfuscate code or to secure the war file.

The tool I will be using is:

yGuard

I need the best solution to secure my code; please let me know ways to secure the war file.

Thanks


Solution

  • Obfuscation is security by obscurity, a way of securing that is frowned upon by security experts. Indeed, as the commenters say, not shipping the code and keeping it behind a web service is a better way of keeping the code private. I disagree that switching to another language would help: a CPU will have to be able to execute your code, therefore with human effort your code can be reverse engineered.

    Obfuscated source or intermediate code can deter attackers that try to steal your code.

    A code obfuscator can perform a variety of operations to obfuscate your target code. For most of these, the obscurity does not have to come from the obscurity of the obfuscator's code. Randomisation is a better way to make target code obscure.

    An advantage of an open-source code obfuscator is that you can check that the obfuscator does what it is supposed to do.
    Suppose you use a closed-source (and of course obfuscated) obfuscator from a source that you don't know or do not trust (or from a supposedly trustworthy source). How do you know that:

    • it doesn't install a backdoor into your software and turn it into a Trojan?
    • it is written correctly and doesn't introduce subtle bugs or unintentionally expose your source?
    • it doesn't steal your unobfuscated code itself?

    I know that the many-eyes principle isn't as great in practice as some open-source advocates believe. But still, it's preferable to a proprietary obfuscator from a dubious supplier.
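As an added check (example code written for this page, not part of the question or the answer, and not yGuard's or any project's own code), the script below reads the constant pool of every `.class` file inside a WAR and reports which names you intended to hide are still present. That is the concrete form of "check that the obfuscator does what it is supposed to do": run it against the archive the obfuscator produced and compare with the input. The WAR, the class and method names and the minimal class-file bytes are constructed for the example; only the class-file header and constant pool are emitted and parsed, so no JDK is needed to run it.

```python
# Added example for this thread (not the question's, the answer's, or yGuard's
# own code): after obfuscating a WAR, read the constant pool of every .class
# file and report which identifiers or string literals you meant to hide are
# still there. Only the class-file header and constant pool are parsed, so no
# JDK is needed. The WAR, class names and fixture bytes below are constructed.
import io
import struct
import zipfile

CONSTANT_UTF8 = 1
CONSTANT_CLASS = 7
# Payload size of each fixed-width constant-pool tag (JVMS 4.4). Utf8 (1) is
# variable length; Long (5) and Double (6) also occupy two pool slots.
FIXED_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_constants(class_bytes: bytes) -> list[str]:
    """Return every CONSTANT_Utf8 entry of a class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, index, out = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == CONSTANT_UTF8:
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            pos += 2
            # The spec says modified UTF-8; plain decoding is fine for identifiers.
            out.append(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in FIXED_SIZES:
            pos += FIXED_SIZES[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        index += 2 if tag in (5, 6) else 1
    return out


def leaked_names(war_bytes: bytes, sensitive: set[str]) -> dict[str, set[str]]:
    """Map each .class entry in the WAR to the sensitive names it still carries."""
    leaks = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for info in war.infolist():
            if not info.filename.endswith(".class"):
                continue
            pool = utf8_constants(war.read(info.filename))
            found = {s for s in sensitive if any(s in entry for entry in pool)}
            if found:
                leaks[info.filename] = found
    return leaks


def fake_class(utf8_entries: list[str]) -> bytes:
    """Constructed fixture: header plus constant pool only (not loadable)."""
    pool = b"".join(struct.pack(">BH", CONSTANT_UTF8, len(t.encode()))
                    + t.encode() for t in utf8_entries)
    pool += struct.pack(">BH", CONSTANT_CLASS, 1)  # one fixed-size entry
    count = len(utf8_entries) + 2  # entries + Class entry + reserved slot 0
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 52, count) + pool


def build_sample_war(obfuscated: bool) -> bytes:
    """Constructed WAR with one class, before/after a name-mangling pass."""
    if obfuscated:
        cls, method = "com/acme/a/A", "a"
    else:
        cls, method = "com/acme/billing/LicenseChecker", "checkLicenseKey"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        # A string literal is not an identifier, so a renaming pass leaves it
        # in place: the check flags "license.dat" in both variants.
        war.writestr(f"WEB-INF/classes/{cls}.class",
                     fake_class([cls, method, "()Z", "license.dat", "Code"]))
        war.writestr("WEB-INF/web.xml", "<web-app/>")
    return buf.getvalue()


if __name__ == "__main__":
    secrets = {"LicenseChecker", "checkLicenseKey", "license.dat"}
    for label, flag in (("before", False), ("after", True)):
        print(label, leaked_names(build_sample_war(flag), secrets))
```

Against a real archive, call `leaked_names(open("app.war", "rb").read(), {...})` with the class, method and field names from your unobfuscated build. The "after" variant makes the caveat visible: a renaming pass changes identifiers but leaves string literals (file names, SQL, messages) in the constant pool, so those read straight off a decompiler whatever name mapping the obfuscator used, and the check reports them. The match is a substring match, so feed it distinctive names rather than one-letter ones.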