Peter Skouhus
|
| Posted: 07/25/2002, 9:37 PM |
|
Hi,
We are developing quit a large application using Codecharge to do it. We want to sell this application. Now our problem is how do we avoid that people purchase one version and then install it on several other.
Our idea was to do something like what's done w/ code charge when you purchase that one. My guess is, that they are properly reading the serial number of the processor and through that generating a unique key.
Any idea would be appreciated.
|
|
|
 |
Chris K.
|
| Posted: 07/26/2002, 1:50 AM |
|
Hi,
It's practically impossible to protect web application. Web applications are mostly text-based scripts, even if you put some protection code inside it's always possible for decent programmer to remove, comment or disable such protection. Some languages offer script encoding, but this is not a good protection (I'm not sure how hard to decode is PHP Endoder), encoded ASP scripts are easy to decode, if you produce Java classes they are possible to decompile as well, similarly with .NET code.
Another solution to make application altering harder for customer is to obfuscate its code. There are tools that make scripting code hard to read and analyse, but still valid.
In my opinion the best solution to protect your software is a good licence that constraints customer's actions and states all conditions clearly.
Chris
|
|
|
|
Edd
|
| Posted: 07/26/2002, 5:40 AM |
|
If you are building in ASP you might want to check out the code compilers out there which will generate a DLL, e.g.
http://www.newobjects.com/prodct/Category/61/Story/267
It is one of about three commercial products we are considering - but as yet have not even tested. I would be interested if anyone has suceeded in this area.
Hope this helps.
|
|
|
|
Jym Nils
|
| Posted: 07/26/2002, 6:28 AM |
|
i belive that he only alternative to protect your code is to offer a totaly hosted solution, so the buyer will dont have real acces to your code, but he will have all the functionality of them
Regards
|
|
|
|
NR
|
| Posted: 07/31/2002, 6:01 PM |
|
A Crazy idea (it sounds a lot like Microsoft activation, but...)
Now a days there are good chances that most of your costumers do have a permanent connection with a fixed internet IP.
Make the application ask one of your servers (throught http or some other way) if the IP is in a 'licensed installation'.
If not it will not work properly. For instance it might not save data in some important tables. Don't stop the application.
Make the problem dificult to find and to understand. You can record several of this unauthorized attempts and do whatever you want with the recorded IP.
With a serial number in your application you can even trace from where the original was duplicated.
For those costumers without a fixed IP you might replace this function with one that verifies the content of a special file.
This file should have a very unsuspect name and location and a cryptic or dummy content.
It should be in the include path and not in the application path and should not be easy to spot.
Chances are that someone will not notice that this file is required and forget to take it when duplicating the application.
The application will work if the file is not found but might behave as badly before.
Make those functions specially hard or misleading to understand.
Last but not the least: check Zend encoder at www.zend.com if you are using PHP.
I'm not sure if it is a solution for this case but it does encrypt PHP code.
The only drawbacks are: it is not cheap and you need to install Zend Optimizer (free) in your customer.
I've tried it but I can not remember if there was a specific key to encode/decode or if the Optimizer will always decode the file.
Anyway it will protect your source code from being viewed and changed making duplication a bit harder to do.
|
|
|
|
Sam Moses
|
| Posted: 08/01/2002, 9:25 PM |
|
Last I checked, Codecharge supported C#. The beauty of C# is that it compiles. It's also very effective and fast, although it does take a bit of learning to get right. When you compile your code, the only way to disassemble it is with Assembler (I think). And even then you just get a sequence of ones and zeros. The work that it would take to reassemble the ones and zeros back into code takes a level of hacker that would probably not be interested in buying your product anyway. That's probably your best bet for protecting your source.
If you are going to do it the old fashioned way though, you might want to package your application into an installer like InstallSheild or some other installer program which (with a little vb) can be used to create an unlocking program.
Although, I don't know if instinctive distrust of your clientele is such a hot idea. Why do software development companies automatically assume that everyone is a software pirate?
Using a simple logging program written in ASP and a little client side Javascript, you can have the program check in with you at timed intervals. Rather than locking it up, log who's using it. If it's abused... call the BSA (Business Software Alliance: AKA Copyright Ghishtapo), and sue for $100,000 a day per installation.
Any way you look at it, you have rights as a software vendor no matter what kind of software you are selling.
Rather than doing something that will hurt your marketability, you might want to do some research and find out exactly what those specific rights are in this particular instance. There is TON of documentation on the subject.
Personally, I would start at Google.
Best Regards,
Sam Moses
http://sammoses.com
|
|
|
|
|
