Jump to content


Photo

protecting your interests


  • Please log in to reply
16 replies to this topic

#1 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 16 October 2006 - 06:08 PM

hi all
i have a question aimed at those who've developed huge libraries of scripts/frameworks.

if you develop a framework, odds are that you'll be using it for client projects. now, there's nothing really stopping a client using your framework or passing it on to other developers to use, meaning that effectively someone else is getting a jump up off the back of your hard work.

does anyone take any measures in this sort of case, to make sure that certain parts of the code remain your  copyright and 'closed source'? is it even possible to retain any form of copyright once you've handed a paid project over to the client? is it acceptible to 'encrypt' the framework part of the code but leave the project-specific code as it is?

(and please, this isn't a topic aimed at provoking the 'open-source police' who think that everything should be free :) )

cheers
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#2 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 17 October 2006 - 12:58 PM

Well, there's a few ways to look at it. 

1) They're paying for a package.  What you provide is then theirs and you're selling a service.  In that case, you're out in the cold with your pants down.  More than likely however, your clients paid you because they can't do it themselves and wouldn't know the first thing about copying the framework to another system.

2) It's yours, and you claim the rights to it and you've passed along some license agreement stating that.  In that case, I'd suggest including some kind of backend check to periodically send you an email to say where the framework resides. 

Info: PHP Manual


#3 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 01:07 PM

hmm ok. on one hand though, surely encoding part of your framework to protect it would be no different to PHP itself being 'compiled' or using 3rd party executables? on the other hand, i see the point about them paying for a package.

as for your second question - is this type of 'phoning home' practice legal?

is there any EULA that cover things like protecting part of your package?
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#4 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 17 October 2006 - 01:12 PM

You could put it in your EULA.  There's nothing stopping you.  It's not like you have to use a blanket ULA... write your own and get them to sign off on it.  It's that easy.

Info: PHP Manual


#5 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 17 October 2006 - 01:34 PM

If you purchase Zend Platform there is some PHP code as well, but it is encrypted. That is sort of the same. I don't see any problems in encrypting your code.

#6 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 01:46 PM

yeah. i mean it's not like their site cant be changed by a future developer if the documentation is up to scratch but i guess it's about getting regognition/permission for use of something that could give others a jump up. sure, that's not in the spirit of open source - and i'm all for open source, etc, but it's about protecting your bread and butter.
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#7 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 17 October 2006 - 02:33 PM

Here is what I came up with for my actual framework.
I use the same master folder for every site I build.
Within the function pages, I have a function I have built, or I am building, that checks for the location it's present at.  Every site that I have approved it to work on is listed there, the one's that are not, are not.
I ahve the list actually on my own website
I have the list setup in a javascript file.
So the php, will open that javascript file off my server(so no-one can mess with it), with a list of domains I know are suppose to have my master folder on there server.
I spread this function throughout my pages, so when someone visit's the site, it run's that function, which checks the javascript file on my server, and pulls out the list of accepted domains.
It checks the domains to make sure it matches, if it's not, it deletes my configuration folder from there website, it run's an uninstaller, with that it checks and chmod's the directories', and files, then it deletes all the files, then the folders associated with my website.
Thsi is how my program works.  Or will work, I have been working on that lately.  Then anytime I know a new domain is getting it put in, or I am, I put that domain into my javascript file, and that's it.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#8 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 17 October 2006 - 10:47 PM

Although I find so many violations of many copyrights everyday, what is the point of encoding your project, none of the encoders will protect your application. I think it has more to do with who you are developing for, fundamentally a corporate client is less likely to share your application (because they can pay for it), as is some individual client who thinks because they pay for it, they can share it with anyone! Now that not always the case, but I see that way more than any other way.

Then their those that put copyrights on code they didn't even write, but how can you prove it, you can't because only coding styles are most times the only deference in many different applications! Believe when I tell you, I can open 5 of the most popular forum software and find the same function that does the same thing, but it has a different name! Why because creativity in PHP is very limited because it is based on a function based structure, unlike Perl, where I can name every function that the Perl core contains on my hands and toes. So less creativity means a lot of copying going on!

As for copyright protection, the only thing you can do is prosecute any person you find in violation of your copyright. Warnings don't work, only greedy lawyers do!


me!

#9 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 11:12 PM

Here is what I came up with for my actual framework.
I use the same master folder for every site I build.
Within the function pages, I have a function I have built, or I am building, that checks for the location it's present at.  Every site that I have approved it to work on is listed there, the one's that are not, are not.
I ahve the list actually on my own website
I have the list setup in a javascript file.
So the php, will open that javascript file off my server(so no-one can mess with it), with a list of domains I know are suppose to have my master folder on there server.
I spread this function throughout my pages, so when someone visit's the site, it run's that function, which checks the javascript file on my server, and pulls out the list of accepted domains.
It checks the domains to make sure it matches, if it's not, it deletes my configuration folder from there website, it run's an uninstaller, with that it checks and chmod's the directories', and files, then it deletes all the files, then the folders associated with my website.
Thsi is how my program works.  Or will work, I have been working on that lately.  Then anytime I know a new domain is getting it put in, or I am, I put that domain into my javascript file, and that's it.

**scratches head**
sounds a little risky - what happens if your site is ever down for what ever reason? your clients' site would go down too. i like the idea of complete self-reliance. i recently incorporated google maps into a project, and on a few occasions google maps stopped working (not very often) or slowed down (more common), so did my site.

@printf, you're probably right to the most part - however, i think encoding part of the application would at least enable you to put certain methods in place to protect you, but was wondering what the implications of encoding part of a project would be (other than the client requiring Zend Optimiser or whatever) - in terms of being asked to do a job and giving part of it encrypted. I agree somewhat that it would depend on the client you're doing the work for - I guess it's when the time comes for that client to have more work done on the site with another developer.

cheers
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#10 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 17 October 2006 - 11:21 PM

encoding, IMHO, comes back to this: do you distrust the client enough to encrypt the code, and is the code really that valuable? in my experience, i don't think i've ever worked for two clients who have had any interaction with each other. even if my code had been passed along, it would not have hurt my revenue at all. on the other hand, even though i'm fairly experienced, and i'm beginning to consider protection on some of my scripts, i don't think that anything i've written for a client has been worth the headache of encrypting.

one other thing to keep in mind if you encrypt: you'd better make darn sure you want to do all the housekeeping for that client in the future. if they have in-house developers that want to mod your code next year and it's encrypted, tough luck! IMHO, it's very seldom worth the trouble to try and encrypt something at that level.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#11 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 17 October 2006 - 11:26 PM

This may not be entirely 'on point' with the intent of the thread, but for what it's worth I'll post what I have on my site regarding copyright and who owns what and why.  I've never had a client who disagreed (although a couple thought they ought to own 'everything', they eventually saw things my way).

http://www.halfadot.com/copyright2.php

@businessman - if you plant stuff on a client web site and subsequently use it to destroy part of their property (whether you claim ownership is immaterial in law), you're going to need a darn good lawyer to avoid losing a lawsuit for civil damage against you, and it's probably illegal on your part unless you have declared the intent and got permission from the client in writing in advance.


Legend has it that reading the manual never killed anyone.
My site

#12 Jocka

Jocka
  • Members
  • PipPipPip
  • Advanced Member
  • 344 posts
  • LocationDallas, Texas

Posted 17 October 2006 - 11:35 PM

.. just a question..

how many of us have wrote some code that nobody else has ever wrote? I mean, it may not be the EXACT code used by someone else, but it's generally the same thing as some other code you can find online.

I don't see any need in encrypting a clients stuff. If he wants to give it away and you haven't agreed otherwise, that's his business. The only stuff I MIGHT encrypt is pages on my server. That would just be in the case that my server got hacked, they wouldn't know where to begin. they could delete all the files on my server but I always keep backups. And as long as my codes encrypted they still won't find any useable information like database passwords or nothing.

My opinion - who cares.

#13 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 17 October 2006 - 11:51 PM

redbullmarky, I totally understand where your coming from, I know it hurts when you write hours and hours, molding a design that your proud of, then to release it or sell it to only have it not protected can be very discouraging. My remarks are based on my experiences, and I have found it not worth the trouble, because like obsidian very goods points, you will sooner or later make more work for your self, because all applications like time need to change, so not giving your client the ability to freely do that will only hurt you more than help you!

Many years ago would try so many different methods to protect my code, but I found out very quickly my clients didn't think I trusted them, so they felt they shouldn't trust me. Think of it this way, most question ever asked to me when I wrote my first encoder, (What are you trying hide?). If you trying to sell to some big IT department they will not even talk to you. I now am less hassled by not doing it, which gives me more time on focusing on real problems.

I am freelancing other at americanexpress now, they got 80 developers that all what to do it their own way, what nightmare. That what's I call a real problem!


c, ya...

me!

#14 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 17 October 2006 - 11:55 PM

This may not be entirely 'on point' with the intent of the thread, but for what it's worth I'll post what I have on my site regarding copyright and who owns what and why.  I've never had a client who disagreed (although a couple thought they ought to own 'everything', they eventually saw things my way).

http://www.halfadot.com/copyright2.php

hi Andy
That's EXACTLY on point - thank you. I guess it's putting the warning out there before agreements which at least leaves the ball a little in your court.

It's not general bitty little functions here that I'm looking to protect - it's the collective code (framework) that gets used over and over. A developer wont take PHP to pieces, recompile it with totally different functionality, etc, when they work on a project - so i'm coming from the point of view that my framework is an 'extension to php', rather than part of the clients project. sure, that means it needs documentation for another developer to use - fine. at least it remains under my ownership/copyright though.

I'll give you a little example. This might not seem like a common feature, but in my industry it is. Several months back, i was looking at online/offline recruitment software. Each of the ones i looked at had a funky optional extra - a CV (resume) Extractor, which would take a DOC file and automatically whip out the name, address, postcode, phonenumbers, email addresses and keywords, etc and create a record automatically and attach the CV to it. Just for this optional extra, the extra cost was anything from £250 upwards to £500, depending on how much they did. me being stubborn, I did my own in PHP which works very well - however, it took me alot of time (just converting DOC to TXT was a nightmare) and is a sought after tool. A project I've possibly got lined up for the new year will require this tool so that a job seeker who registers on the website only needs to upload their CV to automatically fill in the registration form. see where i'm coming from? this is just one example that may HAVE to be encrypted, but generally I just wanna protect my 'framework', as opposed to anything project-specific - and hence not restricting future developers working on that site.

edit: @printf/obsidian, you're right about the trust issues - these obviously are important, so it's looking for ways around it. (call it a compromise, if you wish).

cheers
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#15 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 18 October 2006 - 05:53 AM

I wouldn't bother. Unless you have something unique that is vulrnenable to theft. Companies usually don't violate copyrights, so if you sell them a license to use (but not modify) a single copy of your framework, you should be fine.

It would be a different story if you were developing something for the consumer market.

#16 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 21 October 2006 - 05:26 PM

Mark, I wanted to check back on this post, I was starting to build a framework now, and was having a hell of a fun time doing it.  I wanted to find out if you ever found of a good, solid, trustworthy(legal) way to protect your framework, and if you wouldn't mind passing on the information to me, so I could use it to do the same with mine, just wondering if you had figured out anything yet.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#17 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 21 October 2006 - 06:34 PM

not really. i think AndyB kinda hit the nail on the head earlier in this topic, however i may go down the road of encrypting the framework as i've totally seperated it from any specific application code/templates, etc.

TBH, i've still not 100% decided so will probably be a case of seeing what goes when the time comes.

cheers
Mark
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users