Will the fact that java class files can be decompiled and need of third party software for obfuscation in any way compromise security?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Will the fact that java class files can be decompiled and need of third party software for obfuscation in any way compromise security?
Yes and no… yes, if you compile any sorts of passwords into your Java program that you distribute, then yes, it will not be secure, but then again, this would be a terrible thing to do in any programming language… for example, in C++, you can recover strings that have been compiled into the program using the strings utility.
If there is any super secret thing that you do, then you should generally not distribute the JAR that does that super secret thing (although “security by obscurity” is generally not secure). While there are certainly basic things that you need to know about security, and it is possible to shoot yourself in the foot with Java, the fact that Java can be decompiled really is not a major security disadvantage. I should also note that, in general, you are less likely to experience security woes in Java given that Java protects you from out-of-bounds memory accesses, buffer overflows, dangling pointers, and other pointer manipulation problems.