Copy protectiong a CMS application

[billybones]

I have developed and built my own CMS, which uses a core file for all configuration and functions.

The CMS will be sold to companies on a project basis that could essentially steal it and re use it over and over again.

 

So i thought to stop this i could host the Core file on my web server which would contain an array of domains it is allowed to be included on, then include it from the CMS on the clients hosting.

This would obviously protect people from re using, but is it a good practice?? and would it even work?

Thanks in advance.

 

[alexweber15]

as far as working goes yeah it probably would (might have problem cross-domain requests) but nothing that cant be gotten around.

 

but consider this:

- your bandwidth usage might go through the roof and increase your hosting expense

- you become liable for ANY downtime that clients experience (and i mean its happened to google who have like a cluster of a billion servers and there's always external factors that our out of your control that could have an impact)

- you'll be the script-nazi or something equivalent

 

and there's a ton of other reasons NOT to do this.  first of all, read this (open-source license comparison) ok now im not trying to push my beliefs on you or brainwash or anything like that but as long as you live in the US (or another country with decent internet/intellectual property legislation) making it open-source != giving it away.

 

the very first e-commerce solution i implemented i used a paid template for (ecommercetemplates dot com or something like that) and it actually never went live but was a great learning experience (so i can technically still use it btw) but anyway the point im getting at is they had a decent way of guaranteeing what you're trying to do.

 

Updates.

 

That's all.  Updates.  Basically you pay a 1-time fee download the current version in all its open-source glory and use it.  And you get 6 months free updates.  After that you keep sending update emails (unless they opt out) and your customers will realize that if its a good product its worth paying for updates/support.

 

In fact, support is probably where you might have the potential to make the most money as opposed to sales.

 

Other positive aspects are offering addons and themes and stuff and the major advantage of making it open-source is that your clients can customize it to match their branding, which is a HUGE plus for them (at least it was for me when i was in that position).

 

Now as far as stopping people from using the app on more than one project/domain you could enforce this by making your clients tell you where its hosted.  i dont think there'd be a problem with that.  so you still have your list of allowed domains.  and if you find it elsewhere being used for commercial purposes than you take legal action.

 

you could also and i definitely don't support this sneak in some little snippet of code that pings your domain so you know who's using it (but if its open source it can just as easily be removed).

 

Anyway good luck!

[alexweber15]

oh and i almost forgot:

 

even though i said CMS and you clearly stated it too was thinking e-commerce the whole time...lol... sleep deprivation does take its toll.

 

if its a cms and you are bent on making money of it then open source may not be a good alternative because a cms could be a blog, news site, etc (personal use) which doesnt infringe the license.

 

so there is an alternative to protect your code:

 

OBFUSCATE THE HELL OUT OF IT!!! 

 

seriously.  dont mean to be one of those "google it" pricks, but there's links to free php apps that do exactly that in at least 6 of the first 10 results!

 

also take a look at the PHAR extension/class/whathaveyou at first it seems like zipping it, but if you read a bit further down the documentation mentions a multitude of ways to encrypt and protect your source.

 

the plus here is that it makes it easier to distribute too

 

but be warned, pretty much anything can be reverse-engineered.  ok depending on the encryption you use it could take days, weeks even months, but it will happen!

[billybones]

Awesome replys Alex, thanks for your help, i did think about making the code rotten to read but will also make life hard for me when i come to add an update because i will have to keep re obfuscating lol!

[alexweber15]

lol not necessarily   you could just create some sort of batch or wait, what am i talking about, PHP script (!) that obfuscates/PHARs all the stuff automatically.

 

so you work with normal code then run the script, grab the jibberishy output and distribute it.

just make sure you use some sort of version control so you don't shoot yourself in the face by mistake

 

either way, give some thought to what i mentioned about user customization... imagine if all blogs looked like that default blue and white wordpress theme    at least give them a nice customizable theme engine to work with!