  #1  
Old 10-26-2015, 12:03
atom0s
For me, the protections I usually stick to for my things are:
- Any sensitive functions or workflow is not coded in any managed language.
- Any sensitive functions or workflow is not hard-coded into the client at all.
- Validation requires an internet connection and is handled remotely.
- No simple jump/call bypass for the validation because required data is returned if validated.

I use a streaming setup with a client <> server communication approach. My client applications are 'stupid' in the sense that they are just enough to turn on, but they lack key functions and data required to make them operate. When they boot up, a validation handshake is performed with the server where some type of data is collected from the client machine, be it a login (username/password) or other random data like hardware ids etc. and is sent to the server for validation. If valid, the server will send back important information required for the client to run. It could be something basic like a key, or something intense like run-time ready code that can be compiled on the fly and so on.

A client can't just be manipulated with a single byte patch in this case as regardless if you make it assume it validated, it will not have the needed data to run without the server giving it back.

Not a foolproof method, but a lot more work is required in order to bypass the protection entirely, so it helps keep the skids away.
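The validation flow described in post #1, sketched as an added example (not code from the thread or from any poster): the shipped client holds only sealed core data, and the server releases the key after checking a login. The names `Server`, `Client`, `seal` and `unseal`, the account and the password are hypothetical and constructed, and the SHA-256 keystream is a toy stand-in for a vetted cipher.

```python
import hashlib, hmac, secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter keystream for illustration; use a vetted AEAD in practice.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plain: bytes) -> bytes:
    ct = _xor_stream(_subkey(key, b"enc"), plain)
    return hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    want = hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("core data unusable: wrong or missing key")
    return _xor_stream(_subkey(key, b"enc"), ct)

class Server:
    def __init__(self):
        self.key = secrets.token_bytes(32)          # never shipped with the client
        self.salt = secrets.token_bytes(16)
        self.users = {"alice": self._hash("constructed-password")}  # constructed account

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def validate(self, user: str, password: str):
        stored = self.users.get(user, b"\0" * 32)
        return self.key if hmac.compare_digest(stored, self._hash(password)) else None

class Client:
    def __init__(self, shipped_blob: bytes):
        self.blob = shipped_blob                    # sealed core data, inert on its own

    def start(self, server: Server, user: str, password: str, patched: bool = False) -> bytes:
        key = server.validate(user, password)
        if key is None and not patched:
            raise PermissionError("validation failed")
        # A patched client skips the check above but still holds no real key.
        return unseal(key or b"\0" * 32, self.blob)
```

With `patched=True` the client gets past the validation branch and then fails in `unseal`, because the key it needs was never sent.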
  #2  
Old 10-26-2015, 13:13
TechLord
Quote (originally posted by atom0s):
....

I use a streaming setup with a client <> server communication approach. My client applications are 'stupid' in the sense that they are just enough to turn on, but they lack key functions and data required to make them operate. When they boot up, a validation handshake is performed with the server where some type of data is collected from the client machine, be it a login (username/password) or other random data like hardware ids etc. and is sent to the server for validation. If valid, the server will send back important information required for the client to run. It could be something basic like a key, or something intense like run-time ready code that can be compiled on the fly and so on.

A client can't just be manipulated with a single byte patch in this case as regardless if you make it assume it validated, it will not have the needed data to run without the server giving it back.
With all due respect, my dear friend...

The technique shown in this post here at:
http://forum.exetools.com/showthread.php?t=17080
would defeat all the steps you have advised above, more or less in their ENTIRETY, as the record and replay feature can be used right until all the server handshakes etc are over...
And after that the person can go "live" and use the app as normal !
You can try it out and see..

Of course, if you say that ALL or most of your code for ALL the program and its features would run on the SERVER ONLY, then of course, the program would be really a WEB APPLICATION and hence though "officially" its "installed" on the client computer, it would not be really a desktop application but a client-server app.

I believe our friend has asked about INSTALLABLE programs who do a MAJORITY of the processing on the client computer (as opposed to on a server), and hence I am discussing in reference to programs with such functionality. I draw this conclusion as he specifically asked for "software" to protect his software ...

One can argue that the checks can be done multiple times when the program is running, but surely, this would interfere more or less greatly with the functionality and speed of the program, and even then, those parts could be recorded and replayed as necessary, once they are known...

I would say that the BEST form of "protection" would be to sell your FULL program only to customers whom you identify and know, in the form of a Credit Card that they use to pay etc. (A crippled Evaluation version can be given out if needed, to everyone else.)

Then you can use WATERMARKS so that you can identify the customers who have "leaked" them and then deny them updates as well as any future sales of programs. They can be legally "charged" as well, as you now know their identity.

One can also build into their program, a facility to remotely DISABLE or cripple the program, if the "leaked" programs are ever on a computer connected to the internet (easily bypassed, but yet an additional protection).

Only a small minority of such customers have "genuine" issue of a lost program that got leaked, and are easily identified.

Again, these are not foolproof but they work almost 85% of the time or more, in most cases (we used it earlier and it worked pretty well).