How to protect web application from piracy

Results 1 to 2 of 2

Thread: How to protect web application from piracy

  1. #1
    Join Date
    Dec 1969

    Default How to protect web application from piracy

    hi, <BR><BR> I have developed an web application using asp and access database. Now i want to give the application to clients.How i can incorporate the following features in my application.<BR><BR> 1) Licencing for 5 users,10 users and 25 users.<BR> 2) Client should not be allowed to modify the source code.<BR> 3) Client should not be allowed to modify database (already i set the db password)<BR><BR>thanks in advance<BR>raj<BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: How to protect web application from piracy

    I doubt you can.<BR><BR>1) Define a "user". Is a user defined as "one active session"? Sessions can (normally) last 20 minutes after the last request. Provided you could find out if they&#039;re "live" or not (you can&#039;t, that I know of), it would probably be inaccurate.<BR>If you define a user as a "login", then simply count the logins in the DB. If it&#039;s greater than the number it&#039;s licensed for, don&#039;t allow any new ones. However, where are you going to keep that number (how many it&#039;s licensed for)? If you keep it in the code, then updating it will be hard. It&#039;s also clear-text - who&#039;s to stop them changing it? Encoding? Yeah, could do. Would need a two-way-hash though, so much less secure.<BR><BR>2) If your application&#039;s written in ASP, then the source is clear text. You can try and encode it, but it&#039;s clear text. The ONLY way to get around that is to take the logic out of the code, put it in a DLL, and distribute that instead.<BR><BR>3) I assume your database is Access? Well, they can probably get past the DB password (there are crackers out there that are easily available). There&#039;s not much you can do. If it&#039;s SQL Server then you could install the application on their box yourself, and only give them a user that allows selects/updates/inserts, and no DB administration. However, if they have the DBO password, I&#039;m sure they could revoke those privileges...<BR><BR>Sorry, but I don&#039;t think you realistically CAN put this kind of restriction onto the system.<BR><BR>Craig.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts