I dont know if this question has been raised before, but is there a way to protect the source code of a strategy? I'm talking about preventing a user from viewing the source code within the JForex platform itself. And also, what steps can be taken to prevent users from trying to decompile a strategy back into Java?

Please do reply when you can, Mods

It's a big question teknomage,
If you have any ideas please tell us. There is one problem with encrypting, we need to unlock it before script will be launched for execution engine.
So I don't see any way to make 100% sure of securing source code if you send compiled script to someone.

Hello,

Related to this, can you confirm that neither Dukascopy nor any third party have access to the Javascript source code of clients Services through JForex.

In otherwords, that services source code is never under any circumstances uploaded from the client machine via JForex.

Many thanks

NO! Scripts never sends to DC or to any other.
Only problem exists - how to protect developers ideas who send compiled script to somebody. I don't see 100% solution for this.

Even if there is no way to secure it 100%, you still can make it very hard to understand.
1. Write your strategy in separate classes (not in the same file). You can put in main strategy file, that implements IStrategy interface, only calls to some other class. For example put in onTick method call to another class - myClass.onTick(instrument, tick)
2. Put that class in separate jar and attach it as a library to the main strategy file in annotation
3. Obfuscate your jar file with some obfuscator (Proguard for example)

Now you will have all you logic in separate jar that is obfuscated, and even if someone will decompile it, it will be hard to understand, because all the variables, class names etc will be renamed to meaningless names like aa, bb, ac etc.
You can read about proguard and obfuscation here - https://proguard.sourceforge.net/

As the libraries are only loaded once in a platform run, it turned out a good practice for me to hold the strategy code in one file
during coding and debugging and only for "releasing" a build move the classes to their own jar-files and obfuscate them.
Otherwise you have to shutdown and restart the platform every other minute when you are debugging.

I thought of obfuscating my code as well, but quite frankly, that doesn't really provide much security... especially since there are obfuscation crackers out there as well. What surprises me is the fact that JForex is such a good platform to program on, but how could the developers have missed out on such an pertinent issue as source code encryption and security

Anyways, let me put the two hemispheres of my brain together and see if i can come up with a productive solution to this issue...

Ciao!

This is not true, libraries are loaded every time you compile your strategy and put together in one jfx file. You don't need to restart the platform every time you change your jar, but you need to recompile the strategy.

ahh, that's great to hear!

Thanks a lot,
R.