Jump to content

Recommended Posts

hi all
i have a question aimed at those who've developed huge libraries of scripts/frameworks.

if you develop a framework, odds are that you'll be using it for client projects. now, there's nothing really stopping a client using your framework or passing it on to other developers to use, meaning that effectively someone else is getting a jump up off the back of your hard work.

does anyone take any measures in this sort of case, to make sure that certain parts of the code remain your  copyright and 'closed source'? is it even possible to retain any form of copyright once you've handed a paid project over to the client? is it acceptible to 'encrypt' the framework part of the code but leave the project-specific code as it is?

(and please, this isn't a topic aimed at provoking the 'open-source police' who think that everything should be free :) )

cheers
Link to comment
https://forums.phpfreaks.com/topic/24122-protecting-your-interests/
Share on other sites

Well, there's a few ways to look at it. 

1) They're paying for a package.  What you provide is then theirs and you're selling a service.  In that case, you're out in the cold with your pants down.  More than likely however, your clients paid you because they can't do it themselves and wouldn't know the first thing about copying the framework to another system.

2) It's yours, and you claim the rights to it and you've passed along some license agreement stating that.  In that case, I'd suggest including some kind of backend check to periodically send you an email to say where the framework resides. 
hmm ok. on one hand though, surely encoding part of your framework to protect it would be no different to PHP itself being 'compiled' or using 3rd party executables? on the other hand, i see the point about them paying for a package.

as for your second question - is this type of 'phoning home' practice legal?

is there any EULA that cover things like protecting part of your package?
yeah. i mean it's not like their site cant be changed by a future developer if the documentation is up to scratch but i guess it's about getting regognition/permission for use of something that could give others a jump up. sure, that's not in the spirit of open source - and i'm all for open source, etc, but it's about protecting your bread and butter.
Here is what I came up with for my actual framework.
I use the same master folder for every site I build.
Within the function pages, I have a function I have built, or I am building, that checks for the location it's present at.  Every site that I have approved it to work on is listed there, the one's that are not, are not.
I ahve the list actually on my own website
I have the list setup in a javascript file.
So the php, will open that javascript file off my server(so no-one can mess with it), with a list of domains I know are suppose to have my master folder on there server.
I spread this function throughout my pages, so when someone visit's the site, it run's that function, which checks the javascript file on my server, and pulls out the list of accepted domains.
It checks the domains to make sure it matches, if it's not, it deletes my configuration folder from there website, it run's an uninstaller, with that it checks and chmod's the directories', and files, then it deletes all the files, then the folders associated with my website.
Thsi is how my program works.  Or will work, I have been working on that lately.  Then anytime I know a new domain is getting it put in, or I am, I put that domain into my javascript file, and that's it.
Although I find so many violations of many copyrights everyday, what is the point of encoding your project, none of the encoders will protect your application. I think it has more to do with who you are developing for, fundamentally a corporate client is less likely to share your application (because they can pay for it), as is some individual client who thinks because they pay for it, they can share it with anyone! Now that not always the case, but I see that way more than any other way.

Then their those that put copyrights on code they didn't even write, but how can you prove it, you can't because only coding styles are most times the only deference in many different applications! Believe when I tell you, I can open 5 of the most popular forum software and find the same function that does the same thing, but it has a different name! Why because creativity in PHP is very limited because it is based on a function based structure, unlike Perl, where I can name every function that the Perl core contains on my hands and toes. So less creativity means a lot of copying going on!

As for copyright protection, the only thing you can do is prosecute any person you find in violation of your copyright. Warnings don't work, only greedy lawyers do!


me!
[quote author=businessman332211 link=topic=111680.msg453150#msg453150 date=1161095605]
Here is what I came up with for my actual framework.
I use the same master folder for every site I build.
Within the function pages, I have a function I have built, or I am building, that checks for the location it's present at.  Every site that I have approved it to work on is listed there, the one's that are not, are not.
I ahve the list actually on my own website
I have the list setup in a javascript file.
So the php, will open that javascript file off my server(so no-one can mess with it), with a list of domains I know are suppose to have my master folder on there server.
I spread this function throughout my pages, so when someone visit's the site, it run's that function, which checks the javascript file on my server, and pulls out the list of accepted domains.
It checks the domains to make sure it matches, if it's not, it deletes my configuration folder from there website, it run's an uninstaller, with that it checks and chmod's the directories', and files, then it deletes all the files, then the folders associated with my website.
Thsi is how my program works.  Or will work, I have been working on that lately.  Then anytime I know a new domain is getting it put in, or I am, I put that domain into my javascript file, and that's it.
[/quote]
**scratches head**
sounds a little risky - what happens if your site is ever down for what ever reason? your clients' site would go down too. i like the idea of complete self-reliance. i recently incorporated google maps into a project, and on a few occasions google maps stopped working (not very often) or slowed down (more common), so did my site.

@printf, you're probably right to the most part - however, i think encoding part of the application would at least enable you to put certain methods in place to protect you, but was wondering what the implications of encoding part of a project would be (other than the client requiring Zend Optimiser or whatever) - in terms of being asked to do a job and giving part of it encrypted. I agree somewhat that it would depend on the client you're doing the work for - I guess it's when the time comes for that client to have more work done on the site with another developer.

cheers
encoding, IMHO, comes back to this: do you distrust the client enough to encrypt the code, and is the code really that valuable? in my experience, i don't think i've ever worked for two clients who have had any interaction with each other. even if my code had been passed along, it would not have hurt my revenue at all. on the other hand, even though i'm fairly experienced, and i'm beginning to consider protection on some of my scripts, i don't think that anything i've written for a client has been worth the headache of encrypting.

one other thing to keep in mind if you encrypt: you'd better make darn sure you want to do all the housekeeping for that client in the future. if they have in-house developers that want to mod your code next year and it's encrypted, tough luck! IMHO, it's very seldom worth the trouble to try and encrypt something at that level.
This may not be entirely 'on point' with the intent of the thread, but for what it's worth I'll post what I have on my site regarding copyright and who owns what and why.  I've never had a client who disagreed (although a couple thought they ought to own 'everything', they eventually saw things my way).

http://www.halfadot.com/copyright2.php

@businessman - if you plant stuff on a client web site and subsequently use it to destroy part of their property (whether you claim ownership is immaterial in law), you're going to need a darn good lawyer to avoid losing a lawsuit for civil damage against you, and it's probably illegal on your part unless you have declared the intent and got permission from the client in writing in advance.

.. just a question..

how many of us have wrote some code that nobody else has ever wrote? I mean, it may not be the EXACT code used by someone else, but it's generally the same thing as some other code you can find online.

I don't see any need in encrypting a clients stuff. If he wants to give it away and you haven't agreed otherwise, that's his business. The only stuff I MIGHT encrypt is pages on my server. That would just be in the case that my server got hacked, they wouldn't know where to begin. they could delete all the files on my server but I always keep backups. And as long as my codes encrypted they still won't find any useable information like database passwords or nothing.

My opinion - who cares.
[b]redbullmarky[/b], I totally understand where your coming from, I know it hurts when you write hours and hours, molding a design that your proud of, then to release it or sell it to only have it not protected can be very discouraging. My remarks are based on my experiences, and I have found it not worth the trouble, because like [b]obsidian[/b] very goods points, you will sooner or later make more work for your self, because all applications like time need to change, so not giving your client the ability to freely do that will only hurt you more than help you!

Many years ago would try so many different methods to protect my code, but I found out very quickly my clients didn't think I trusted them, so they felt they shouldn't trust me. Think of it this way, most question ever asked to me when I wrote my first encoder, (What are you trying hide?). If you trying to sell to some big IT department they will not even talk to you. I now am less hassled by not doing it, which gives me more time on focusing on real problems.

I am freelancing other at americanexpress now, they got 80 developers that all what to do it their own way, what nightmare. That what's I call a real problem!


c, ya...

me!
[quote author=AndyB link=topic=111680.msg453441#msg453441 date=1161127573]
This may not be entirely 'on point' with the intent of the thread, but for what it's worth I'll post what I have on my site regarding copyright and who owns what and why.  I've never had a client who disagreed (although a couple thought they ought to own 'everything', they eventually saw things my way).

http://www.halfadot.com/copyright2.php
[/quote]
hi Andy
That's EXACTLY on point - thank you. I guess it's putting the warning out there before agreements which at least leaves the ball a little in your court.

It's not general bitty little functions here that I'm looking to protect - it's the collective code (framework) that gets used over and over. A developer wont take PHP to pieces, recompile it with totally different functionality, etc, when they work on a project - so i'm coming from the point of view that my framework is an 'extension to php', rather than part of the clients project. sure, that means it needs documentation for another developer to use - fine. at least it remains under my ownership/copyright though.

I'll give you a little example. This might not seem like a common feature, but in my industry it is. Several months back, i was looking at online/offline recruitment software. Each of the ones i looked at had a funky optional extra - a CV (resume) Extractor, which would take a DOC file and automatically whip out the name, address, postcode, phonenumbers, email addresses and keywords, etc and create a record automatically and attach the CV to it. Just for this optional extra, the extra cost was anything from £250 upwards to £500, depending on how much they did. me being stubborn, I did my own in PHP which works very well - however, it took me alot of time (just converting DOC to TXT was a nightmare) and is a sought after tool. A project I've possibly got lined up for the new year will require this tool so that a job seeker who registers on the website only needs to upload their CV to automatically fill in the registration form. see where i'm coming from? this is just one example that may HAVE to be encrypted, but generally I just wanna protect my 'framework', as opposed to anything project-specific - and hence not restricting future developers working on that site.

[b]edit[/b]: @printf/obsidian, you're right about the trust issues - these obviously are important, so it's looking for ways around it. (call it a compromise, if you wish).

cheers
I wouldn't bother. Unless you have something unique that is vulrnenable to theft. Companies usually don't violate copyrights, so if you sell them a license to use (but not modify) a single copy of your framework, you should be fine.

It would be a different story if you were developing something for the consumer market.
Mark, I wanted to check back on this post, I was starting to build a framework now, and was having a hell of a fun time doing it.  I wanted to find out if you ever found of a good, solid, trustworthy(legal) way to protect your framework, and if you wouldn't mind passing on the information to me, so I could use it to do the same with mine, just wondering if you had figured out anything yet.
not really. i think AndyB kinda hit the nail on the head earlier in this topic, however i may go down the road of encrypting the framework as i've totally seperated it from any specific application code/templates, etc.

TBH, i've still not 100% decided so will probably be a case of seeing what goes when the time comes.

cheers
Mark
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.