Security Basics mailing list archives

Re: HTML/Java protection


From: security () scovettadesign com
Date: 21 Sep 2005 13:31:26 -0000

First, I agree with the other responses. Generally speaking, a Java applet must be downloaded and is thus available to 
the client. One of the responses suggested executing code on the server. With sufficient rights on the client, you may 
be able to design an applet framework that will load bytecode dynamically from the server. This may mushroom into a 
huge project (rewriting class loaders, etc.), and may not even be possible to actually do within a browser. 

Some code obfuscation tools might help a little as well. Some can produce "invalid" bytecode that tries to choke a 
decompiler. 

Another idea: use JNI to keep the stuff you want secret within a .DLL instead of the .class. You'll run into the same 
permissions problem as the first idea, so this may not work either.

Hope that helps.

Mike Scovetta
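
Added example, not part of the original message: a small Python reader for the constant pool of a `.class` file, showing why anything shipped inside a downloaded applet (class names, string literals) can be read by the client without a decompiler. The sample bytes, the names `LicenseCheck` and `s3cret-license-key`, and the helper names are constructed for illustration; the sample is only a class-file header plus constant pool, not a loadable class.

```python
import struct

# Body size in bytes of each fixed-width constant-pool entry, keyed by tag
# (JVM specification, section 4.4). Tag 1 (Utf8) is variable-length.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def constant_pool_strings(data):
    """Return every CONSTANT_Utf8 string found in a class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, index, found = 10, 1, []          # pool indices start at 1
    while index < count:
        tag = data[pos]
        pos += 1
        if tag == 1:                       # CONSTANT_Utf8: u2 length, then bytes
            (length,) = struct.unpack_from(">H", data, pos)
            raw = data[pos + 2:pos + 2 + length]
            if len(raw) != length:
                raise ValueError("truncated Utf8 entry")
            # Class files use "modified UTF-8"; plain UTF-8 decoding is close
            # enough for ASCII identifiers and literals.
            found.append(raw.decode("utf-8", errors="replace"))
            pos += 2 + length
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        index += 2 if tag in (5, 6) else 1  # Long/Double occupy two slots
    return found

def utf8_entry(text):
    body = text.encode("utf-8")
    return b"\x01" + struct.pack(">H", len(body)) + body

def build_sample():
    """Constructed sample: header (major version 49) plus a six-slot pool."""
    pool = (utf8_entry("LicenseCheck")              # 1: Utf8
            + b"\x07" + struct.pack(">H", 1)        # 2: Class -> #1
            + b"\x05" + struct.pack(">q", 42)       # 3-4: Long
            + utf8_entry("s3cret-license-key")      # 5: Utf8
            + b"\x08" + struct.pack(">H", 5))       # 6: String -> #5
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 7) + pool

if __name__ == "__main__":
    for s in constant_pool_strings(build_sample()):
        print(s)
```

Name-mangling obfuscators change the identifiers in this pool, but string literals stay readable unless they are separately encoded, and the decoding routine then ships in the same download.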

