I am writing a license management system for our project and it is critical that it work regularly and correctly. I have written some methods with public access in a package; for example
// code to check correctness of password
public boolean checkIfPasswordIsCorrect(String password){
// my code here
}
Now I anxious if someone change my .class files in .jar or .war file. Then for example he or she can rewrite my class and methods such that it always return true; after that my system will work incorrect that means always authorizes users accessing its service.
Maybe there is a solution just to obfuscate my code to change name of classes or packages and blend my code in release step. Is there another Idea? thanks.
EDIT: I don't want to release my code; I just release compiled .jar or .war files to the customers.
You can sign your code to prevent someone from changing it and giving it to someone else pretending it is the "official" version.
You cannot prevent anyone from making changes to code they are running themselves.
If they break the program that way, that is their fault. If they can break your system that way (such as gain unauthorized access to other people's files), then this is a design flaw in your system. You cannot depend on client software not being modified. Code that must not be tampered with needs to run on your machines and be accessible as a service.
Practical example: Instead of checking a password and then granting access to a local file or not (which can be circumvented by changing that code), encrypt the file with the password (so that there is no way to access it if you don't know the password, no matter how much you mess with the code). Or keep the file on the server and only allow access if provided with a password (that you check on the server).