when i am just changing the extension
Brought to you by:
grzegok
Menu
▾
▴
Where is the security breach? The only difference between calling the exe and starting the jar is that you can set command line arguments for the exe. If that is your idea of security, then little security is lost.
The other problem of course is that others can see you source code if they decompile the java classes, but you cannot avoid that unless you use a jar obfuscation tool.
Thanks for the reply Peter,
An .exe extension conversion directly to .jar, I still feel it is a security breach ?, i have a file with .exe and just by converting it to .jar a person is able to view all the content by just unziping the jar in any software like WINRAR. This is a bug, there is a software Java2exewizard1.8 where if we convert the jar to exe , that will handle the problem mentioned i.e if i change the extension to .jar it gives an error. The concern i have with the mentioned tool is that it is licensed tool, not an open source.
Regarding your suggestion of using a jar obfuscation tool thats an altogether different approach and have never used it just heard about it, Please let me know how to use that obfuscation tool if you have knowledge on it
Thanks and regards ,
Raj
Hello Raj,
I just tested an example of a Java2exewizard1.8 produced exe.
They do have nice features like task bar icons.
However I could recover the java classes by using a zip recovery utility, so you don't loose that much by using Launch4j instead.
You are asking for an interesting Launch4j feature though. Adding some obfuscation to Launch4j, that is.
You can google for obfuscation tools, the best link I noticed is:
http://java-source.net/open-source/obfuscators
Among the obfuscators mentioned is Jode at sourceforge.
--Peter
Being able to extract the Java classes from the executable is the nature of a java wrapper like Launch4j. If you want to prevent this, then you probably don't need to be writing Java code. There are Java compilers that compile the Java code into native binaries, but these are typically commercial products. (gjc [http://gcc.gnu.org/java] is an open source project that can do it.) Regardless, those solutions are all different approaches than launch4j, and are not compatible with it.
Like redlaggedteut said, a code obfuscator would accomplish what you seek. The obfuscation step should occur after you create the jar and before you use launch4j to create the exe. I would suggest you use ProGuard (http://proguard.sourceforge.net) instead of Jode. It is a very nice and powerful obfuscation tool and does a better job obfuscating the Java code than Jode or other tools. I use the ProGuard obfuscation tool with launch4j to create a lot of software. However, I would not recommend to incorporate an obfuscation tool into launch4j. Obfuscation is a very complicated process and requires some knowhow to use (hence the large number of command line arguments to ProGuard). I recommend novice users not mess with obfuscation tools. The defaults might work okay, but tweaking the settings too much can break your application.
the issue was copied to
http://code.google.com/p/jliftoff/issues/detail?id=9
this issue was closed as invalid at http://code.google.com/p/jliftoff/issues/detail?id=9
Launch4j does not compile the jar into exe, the wrapped jar is still a jar. This is not a bug.