What product / technology can I use to protect my Java code in a commercial application? Is there an obfuscator that does the job? On the other side, it would be great to have anything that combines file-based license management with byte-code encryption.

Any ideas? Best practices?

A: 

I'm not a lawyer but: Legally you can copyright it. If the process is truly unique you may be able to patent it. Contact a lawyer to get a final word.

monksy
+1  A: 

Zelix Klassmaster, an excellent product and it's pretty cheap. Great support.

Francis Upton
+2  A: 

ProGuard is one of the better obfuscators. Surprisingly few people are aware how easily bytecode can be decompiled into quite a readable source. With default settings javac even puts the source's line numbers in the .class files (which of course is helpful in debugging - it's where the line numbers in a stack trace come from).

Joonas Pulakka
This seems to be an interesting product - thank you
Mulmoth
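
Added example, not part of the original answers: a Python check for the point made in the ProGuard answer above, that javac's default output carries line-number debug data in the .class file. It walks the attribute tables of a class file and reports which debug attributes are actually attached, so a release build can be verified before shipping; `debug_attributes`, `sample_class` and the constructed sample class are assumptions of this example.

```python
import struct

CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
           15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}   # tag -> bytes after the tag
DEBUG = {"SourceFile", "LineNumberTable", "LocalVariableTable", "LocalVariableTypeTable"}

def debug_attributes(data):
    """Names of the debug attributes actually attached in one .class file."""
    u2 = lambda p: struct.unpack_from(">H", data, p)[0]
    u4 = lambda p: struct.unpack_from(">I", data, p)[0]
    if u4(0) != 0xCAFEBABE:
        raise ValueError("not a class file")
    utf8, found, pos, i = {}, set(), 10, 1
    while i < u2(8):                              # constant pool, indices start at 1
        tag = data[pos]
        size = 2 + u2(pos + 1) if tag == 1 else CP_SIZE[tag]
        if tag == 1:                              # Utf8 entry: attribute names live here
            utf8[i] = data[pos + 3:pos + 1 + size].decode("utf-8", "replace")
        pos, i = pos + 1 + size, i + (2 if tag in (5, 6) else 1)  # long/double: 2 slots

    def attrs(p):                                 # p points at an attributes_count field
        n, p = u2(p), p + 2
        for _ in range(n):
            name = utf8.get(u2(p), "")
            if name in DEBUG:
                found.add(name)
            if name == "Code":                    # nested table follows code + exception table
                attrs(p + 16 + u4(p + 10) + 8 * u2(p + 14 + u4(p + 10)))
            p += 6 + u4(p + 2)
        return p

    pos += 8 + 2 * u2(pos + 6)                    # access_flags, this, super, interfaces
    for _ in range(2):                            # fields, then methods
        n, pos = u2(pos), pos + 2
        for _ in range(n):
            pos = attrs(pos + 6)                  # skip access, name, descriptor
    attrs(pos)                                    # class-level attributes (SourceFile)
    return found

def sample_class(debug):                          # constructed input: class A, one method m()V
    names = ["A", "java/lang/Object", "m", "()V", "Code", "LineNumberTable", "SourceFile", "A.java"]
    cp = b"".join(struct.pack(">BH", 1, len(s)) + s.encode() for s in names)
    attr = lambda idx, body: struct.pack(">HI", idx, len(body)) + body
    lnt = attr(6, struct.pack(">3H", 1, 0, 1)) if debug else b""
    src = attr(7, struct.pack(">H", 8)) if debug else b""
    code = attr(5, struct.pack(">HHI", 0, 1, 1) + b"\xb1" + struct.pack(">HH", 0, int(debug)) + lnt)
    return (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 11) + cp + struct.pack(">BHBH", 7, 1, 7, 2)
            + struct.pack(">10H", 0x21, 9, 10, 0, 0, 1, 1, 3, 4, 1) + code
            + struct.pack(">H", int(debug)) + src)
```

The stripped sample still contains the string `LineNumberTable` in its constant pool, which is why the check walks the attribute tables instead of searching the file for attribute names.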
+5  A: 

Just a remark on the copyright side: assuming you are in the U.S., since 1978 copyright legally exists without any need for registration. However, in practice, legally enforcing a copyright is very difficult. Among other things, it requires proof that the person who violated your copyright actually saw your code. Patent protection covers even later, independent invention. Copyright does not. But that does lead to one interesting technique, additional to an obfuscator: giving your code an "Easter egg" behavior on some unrealistic inputs is an excellent way to demonstrate that someone took your code, since they would hardly have arrived independently at the same "Easter egg" (a behavior that is in no way called for by the specification of the problem at hand).

Joe Mabel
+1 for 'easter egg'. That's an interesting idea.
Mark
+5  A: 

You need to be aware that all Java (in fact all software in general) can be reverse engineered to (for example) disable the license management checks.

IMO, your best bet is to require your customers to sign a legally enforceable contract before you provide them with something they could potentially reverse engineer. Obfuscation and license management are a damn nuisance for honest customers, and ultimately won't stop people who are dishonest.

Stephen C
I will consider your opinion, but don't you think there is a way to encrypt the byte code transparently for the customer (using a license key file and maybe a modified class loader, don't know)?
Mulmoth
There is no way to do this that cannot be reverse engineered by a dishonest customer.
Stephen C
Think about it this way: computers are stupid. Humans are smart. You have to deliver your product in such a way that it can at least be understood by a computer, otherwise the computer wouldn't be able to execute it, and then what's the point? Since your code has to be understandable by a computer, and humans are smarter than computers, it follows that your code is also understandable by humans.
Jörg W Mittag
+1  A: 

I think the best obfuscator is Allatori. You can use the free version, it only writes something in System.out.

True Soft
+1  A: 

May I humbly suggest that you read my article "Protect Your Java Code - Through Obfuscators And Beyond"? It has pointers to a number of tools.

As far as copy protection of Java apps is concerned, I recall there was Padlock License Manager for Java, but I have no experience with it.

Dmitry Leskov
A: 

If the JVM can run it, a suitably determined developer can reverse engineer it as Java byte codes are relatively close to a high level language.

You cannot prohibit it technically but you can make it unattractive to use your code without your consent. Licensing is important. Customer contracts are important.

What does your code do?

Thorbjørn Ravn Andersen