Dynamic signature codes reconfiguration is proposed to combat with eavesdroppers to enhance confidentiality over optical code-division multiple-access (OCDMA) networks. The code reconfiguration is achieved by exclusively assigning to each user a set of M codes and randomly selecting one among them to represent each user's signature. A central node station is assumed to monitor network traffic condition and to signal transceiver coder-decoder pair to perform signatures changing. The network confidentiality is enhanced by dynamically reconfiguring signatures using wavelength shifted carrier-hopping prime codes (CHPCs). Security performance result shows that the probability of error-free code detection gets worse when M increases and the eavesdropper's codes detection becomes more difficult, thus network confidentiality is significantly increased.