[SOLVED] Preventing web app from being pirated

[stoneyrose]

Hi all, I am in the beginning stages of putting together a web based application that once complete will be available for sale, of course one of my concerns is people pirating the software. I have had a couple of ideas as to how to prevent pirating but I can see flaws in all of them, what i'm looking for is a way for the script to connect to a database on my end and validate the products key.

 

What's the best way for me to go about this?

 

Thanks in advance.

[DeanWhitehouse]

CURL, but you should know that websites are pretty open source so the code will be hard to stop the owners redistributing it and/or removing any validation code.

[rubing]

sounds like you should just make a table with a column containing a list of valid product keys? And then just look up to see if somebody gives you a valid product key. I wouldn't be too worried for now about multiple people sharing a key or something like that. You can code up some protections against that later.  For now, just concentrate on getting your webapp out there and making money.  you'll probably just sell it to somebody else if it really works.

[redarrow]

you can get a program that zend provides to encrypt the pages or get the whole script

locked to a domain name.

 

as you no any programmer can clone any script or project, so if your web site is that good it be cloned anyway.

 

 

you can go down the road to copy wright your i dear but to be truthful anyone can change the style and look then

improve your i dear easily then  it not your i dear.

 

 

[redarrow]

Going to add this as a theme ...

 

I have notice if the script docent act, look or interact with users like facebook, the chances are so small any script or project will sell.

 

Oh and dont forget as i have seen, if you haven't got oop for the pages then the sales will be low.

 

only repeating my findings in market research for high selling php applications..

[MadTechie]

Connecting to your own site to check for a valid number.. well if i open the php file i can just remove that routine.., encrypting that php file well thats a slow down.. won't stop me but will slow me down..

 

The thing you should remember when it comes to securing your Apps.. is you can NOT stop someone stealling it.. if you send them the program they can hack it.. What you need to work on is a protection that will last as long as it take to release a new version or will waste so much of their time its cheaper to buy it..

 

if you don't mind me asking.. whats the app ?

 

Attached is an example of Zend Encrypted Code:

 

[attachment deleted by admin]

[MadTechie]

DON'T DOUBLE POST

[stoneyrose]

Thanks very much and I apologize for the double post, the app targets users in the private aviation sector - as it's quite a niche market and I am still in the very early stages I would rather not say more, thanks again for the help.

[RecoilUK]

Hi

 

NuSphere also have a product, basically it converts your scripts into compiled PHP bytecodes which increases security and provides a performance boost, as the PHP engine has to do this anyway. Its called NuCoder and comes with a license manager, so could be just what your looking for.

 

This should stop all but the most knowledgable and persitent of hackers getting hold of the original code and prevent illegal distribution.

 

Not knowing anything about the app you have designed, its hard to recommend a strategy, but if possible, encode the scripts as stated, and also provide hosting for it, then you control access to it, you could have a set of public scripts and keep the good stuff on a seperate server behind a firewall.

 

Hope it helps.

 

L8rs

[MadTechie]

One problem with nu-coder is it requires "Php Express loader" to be installed on the Server while Zend requires "zend optimizer" which is included on most servers..

 

[*]First and foremost, the protection provided by encoders is questionable because the source code is while encrypted is still available. Decryption of such files is not terribly hard.

If there is a malicious user who wants to get your source - there is a pretty good chance that he/she will break this protection

 

[*]Second problem is the performance of the files encrypted with the php encoders from this category. Execution times tend to be slower because of the additional overhead produced by decrypting of the file prior to the processing.