Discussion on:
View:
Show:
Code obfuscation is both immoral and futile. It is a hallmark of poor programmers that they waste time worrying about people "stealing" their code, rather than on improving that code and making it as good as it can be.
1. Obfuscation won't stop the motivated reverse engineer.
2. It doesn't improve the features, but will make bugs harder to find.
3. There are legitimate reasons to be able to reverse engineer your code. (Case in point: We had code written by someone on an H1B. They went back home and then never came back. After a bit, we discovered that the original source code had been lost, and working notes were in a foreign language. At that point we decompiled the code and reverse engineered it. If we had been using obfuscation the task would have been much harder.)
4. Obfuscation has always been available for all languages. But has also been little used due to the pace of change and development. The most this will do is make migrating to the next big language harder to do.
2. It doesn't improve the features, but will make bugs harder to find.
3. There are legitimate reasons to be able to reverse engineer your code. (Case in point: We had code written by someone on an H1B. They went back home and then never came back. After a bit, we discovered that the original source code had been lost, and working notes were in a foreign language. At that point we decompiled the code and reverse engineered it. If we had been using obfuscation the task would have been much harder.)
4. Obfuscation has always been available for all languages. But has also been little used due to the pace of change and development. The most this will do is make migrating to the next big language harder to do.
From the view of OpenSource it is likely a poor practice, but ClosedSource Software needs a specific level of security, regarding to "code-napping". Wich way is the best for it, I don't know yet.
The purposes of improving code and obfuscating it are as different as compiling and executing it. So what's the fuss. Since when has been moral a priority in commercial products?
Nevertheless, I am with you!
an OpenSource addict
The purposes of improving code and obfuscating it are as different as compiling and executing it. So what's the fuss. Since when has been moral a priority in commercial products?
Nevertheless, I am with you!
an OpenSource addict
People working in shops where "closed source" is all they understand are often very myopic when it comes to understanding the security and value of their software. As royhayward pointed out, you can't stop a motivated developer from reverse-engineering your software, and obfuscation won't help. Furthermore, there are often legitimate reasons for such activities, aside from "stealing" (which is a ridiculous term to use for copyright infringement) code, as royhayward also pointed out.
Ultimately, all obfuscation does is make things more difficult for people who are supposed to have access to the source, like the developers.
Ultimately, all obfuscation does is make things more difficult for people who are supposed to have access to the source, like the developers.
poor programmer is worrying about the decompiler ..we are work very hard work and write the coding but simple hacker getting the our source code ....how its possiable man how u can say that ....what a think
man
can u give that correct soluation man ....
man
can u give that correct soluation man ....
Where is the best place to hide a colpse? It is in the cemetry of corse. So to make things easier and for coder and writer of soft ware not to have sleepless nights, the best they can do is not to code the soft wares at-all.. Or they will spend sleepless nights yet have their efforts wasted as they will discover the next day that several 'smart guys' already have anti-dots to their labour and alredy have their so-protected soft ware on and running.
Onyeuko Chigozie Teddy
Pisa-Italy
Onyeuko Chigozie Teddy
Pisa-Italy
Jumping through dozens of hoops in the attempt to "better" obfuscate code so others can't "steal" it is ultimately futile, and a waste of energy. If you depend on code that's closed source for business reasons, you're better off defending it in court with copyright law, and letting your developers work on improving the software rather than trying to make it harder to access the source code. If you do so for security reasons, you're better off staying out of the software business altogether, since obscurity is not an effective means of ensuring security.
To achieve the highest degree of protection, take a two-step approach:
1. Rename identifiers and encrypt string literals, but don't obfuscate code.
2. Compile the resulting classes down to native code using GCJ or Excelsior JET.
1. Rename identifiers and encrypt string literals, but don't obfuscate code.
2. Compile the resulting classes down to native code using GCJ or Excelsior JET.
. . . stop wasting your time "obfuscating", and spend more of that time actually improving the software. You're not going to end up stopping anyone that wants the design of your software -- and there are far fewer people who actually want access to the internals than most companies realize.
We used to call this crap "BAD PROGRAMMING".
This is nothing more than a new wrinkle to the old practice of making your code illegible so nobody can maintain it.
As far as it goes for me, I can live with it. It ups my asking price and gives me job security.
It's a bad practice though and will likely make anyone who has to maintain this crap VERY agitated.
To the suits that means YOU WILL HAVE TO PAY MORE FOR US.
This is nothing more than a new wrinkle to the old practice of making your code illegible so nobody can maintain it.
As far as it goes for me, I can live with it. It ups my asking price and gives me job security.
It's a bad practice though and will likely make anyone who has to maintain this crap VERY agitated.
To the suits that means YOU WILL HAVE TO PAY MORE FOR US.
I have found obfuscation to be almost indispensable, though not yet quite good enough.
Specifically, we use it to make sure that only a very small number of developers have access to key classes that control data security. While everyone has access to the resulting class files, the source code remains offline. If other programmers don't know how these classes work, although they have access to the cryptographic API, it is much harder for them to find a way around it.
I see no problem with obfuscation if used at the right time for the right purpose.
Specifically, we use it to make sure that only a very small number of developers have access to key classes that control data security. While everyone has access to the resulting class files, the source code remains offline. If other programmers don't know how these classes work, although they have access to the cryptographic API, it is much harder for them to find a way around it.
I see no problem with obfuscation if used at the right time for the right purpose.
It sounds like, in translation, your reason for "liking" obfuscation is that you work with crappy programmers who can't code their way out of a wet paper bag, so you're better off keeping them in the dark to limit the amount of damage they can do.
That's not a good reason for obfuscating source code. It's a good reason for firing some programmers and replacing them with people who aren't idiots, though.
That's not a good reason for obfuscating source code. It's a good reason for firing some programmers and replacing them with people who aren't idiots, though.
I have to wonder what obfuscation does to the speed of the program, in many cases. Personally, I think that anyone who decompiles the code probably is not going to do too much with it. I mean, it is twenty times easier to just pirate software. Other than looking for security holes (and we all know that obscurity is hardly a defense against hacking), I just do not see decompiling code being a major issue. I suppose someone could demand it, but I cannot think of too manmy cases where it would be needed.
J.Ja
J.Ja
your code with a simple cut and paste.
Of course this idea relies of several idiotic assumptions
The code is valuable.
The code is reusable as it is.
The code is desirable....
If any of the above were true, obfuscation will not stop someone reverse engineering.
The muppets who obfuscation would deter, probably wouldn't understand it anyway even in plain 'english'
Of course this idea relies of several idiotic assumptions
The code is valuable.
The code is reusable as it is.
The code is desirable....
If any of the above were true, obfuscation will not stop someone reverse engineering.
The muppets who obfuscation would deter, probably wouldn't understand it anyway even in plain 'english'
Yeah, it will stop "that" kind of coder... it just pisses everyone else off.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
