简体繁体 English

保护数据免于从setup.exe或jar中提取

[英]protect data from extraction from setup.exe or from jar

原文 2012-11-08 10:30:44 5 1 java/ installation/ setup-project/ executable-jar

I am making the setup of java swing application by using Inno Setup as an exe i am selecting the jar file of my project, I am also adding other necessary resources as folder. 我通过使用Inno Setup作为exe来进行Java swing应用程序的设置，我在选择项目的jar文件，还将其他必要的资源添加为文件夹。

When I am installing the setup on the client side. 当我在客户端安装安装程序时。 it is putting the jar and other resources in program files folder but there client can extract the my java classes and other resources from jar. 它将jar和其他资源放在程序文件文件夹中，但是客户端可以从jar中提取我的java类和其他资源。 I want that client can only use the resources by application program but he could not extract the resources. 我希望客户端只能通过应用程序使用资源，但不能提取资源。 How is it possible? 这怎么可能？

1 个解决方案

There is literally nothing you can do to entirely prevent someone from extracting the resources. 实际上，您无法采取任何措施完全阻止某人提取资源。

The best you can do is to make the process a bit difficult; 您能做的最好的就是使过程变得有些困难。 eg by storing the resources in the JAR file in encrypted form. 例如，通过将资源以加密形式存储在JAR文件中。 The problem is that your program would need to decrypt the resources in order to use them. 问题在于您的程序需要解密资源才能使用它们。 Someone with sufficient skills and patience can reverse engineer your decryption code and capture the unencrypted resources. 具有足够技能和耐心的人可以对解密代码进行反向工程，并捕获未加密的资源。

By the way, this is not a Java-specific problem. 顺便说一下，这不是特定于Java的问题。 Any application that you provide to a user as an executable can be reverse engineered ... assuming that the user has the wherewithal to run it in the first place. 您以可执行文件形式提供给用户的任何应用程序都可以进行逆向工程...假设用户首先有能力运行该应用程序。

The bottom line is that if you are not prepared for the possibility that someone might extract the resources, you should not distribute the executable. 底线是，如果您不准备有人提取资源的可能性，则不应分发可执行文件。