One for the gurus ! How would you design and solve this ?


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 5 of 5

Thread: One for the gurus ! How would you design and solve this ?

Hybrid View

  1. #1
    Softwaremaker Guest

    One for the gurus ! How would you design and solve this ?


    Hi all fellow developers,

    Say, I am developing a Web application for a company (ComA) using ASP.

    This solution after its done will be handed over to ComA. I will still retain
    the rights to the program tho. I want this full ASP solution, once its being
    used, to send and notify my website where my website will take note of the
    URL (ComA's URL) and log an entry into my database (on my site) then sends
    itself back to the ComA's URL where they will continue with the processing
    of their application. The best would be to send back a certain value or parameter
    and the application on ComA will act accordingly.

    This is to prevent unauthorised copying and infringment of the source and
    my rights. How would you guys plan and design this ?
    Do you think ASP scripts can do the job ? After all, anyone in ComA can take
    a look at those scripts and work around that after a while. Maybe webclasses
    or COM objects. Any ideas ?

    Thanks for your advice and help.


    __________________
    William
    www.SoftwareMaker.net
    William@SoftwareMaker.net



  2. #2
    Russell Jones Guest

    Re: One for the gurus ! How would you design and solve this ?

    Interesting problem.

    Consider creating a free-threaded component that performed some critical
    part of the processing for the application, and load the component in
    global.asa. During application startup, you could have the component post
    the notification data you want to your Web site. You should also make sure
    that the component will work even if it can't reach your Web site, and that
    you have a way to change the URL that the component called. Alos, consider
    having it log the data somewhere--in the application log, the database, or a
    file. Your site should send back an acknowledgement that would set a flag
    inside the component. Each time the application called the component, you
    can check to make sure the acknowledgement had been received, and if not,
    retry the notification operation. You should make a decision about what to
    do after some number of unsuccessful tries; for example, you could disable
    the application altogether, or you could begin to generate notices of some
    kind. You're right that you can't create a robust solution with ASP pages
    alone. Depending on your needs, you could force the operation to occur every
    time the application starts, or only the first time the application runs,
    after which you can check the environment against a stored bit of data to
    ensure that the application is still running on the same server.

    I suspect you'll run into instances where the server on which the
    application is installed can't reach your server. After a certain number of
    unsuccessful tries, you could consider having the component create a client
    script that forced the client browser to post the data to your site--perhaps
    by creating a hidden iframe in the HTML--thus moving the responsibility for
    connecting to your site from the installed server to the client. You could
    potentially also use this second type of connection to track the number of
    users of your application from the installed site.

    A good network administrator and a good programmer could defeat these
    methods without too much trouble, but the average person either wouldn't be
    able to, or wouldn't bother.

    Obviously, your site's availability is critical to the success of any such
    mechanism. I suspect you're potentially liable for damages from legitimate
    users if you disable or damage the application in the event it can't reach
    your site, so you should think long and hard before you implement any such
    feature. You may also be liable for damages if you don't publicize the fact
    that the application contacts your site and sends information--and you'll
    need to state exactly what information it sends, otherwise you're
    effectively "stealing" private information from the company that installed
    your application. If I were buying your application, that would probably be
    a show-stopper.


    "Softwaremaker" <William@softwaremaker.net> wrote in message
    news:3c045d7c$1@147.208.176.211...
    >
    > Hi all fellow developers,
    >
    > Say, I am developing a Web application for a company (ComA) using ASP.
    >
    > This solution after its done will be handed over to ComA. I will still

    retain
    > the rights to the program tho. I want this full ASP solution, once its

    being
    > used, to send and notify my website where my website will take note of the
    > URL (ComA's URL) and log an entry into my database (on my site) then sends
    > itself back to the ComA's URL where they will continue with the processing
    > of their application. The best would be to send back a certain value or

    parameter
    > and the application on ComA will act accordingly.
    >
    > This is to prevent unauthorised copying and infringment of the source and
    > my rights. How would you guys plan and design this ?
    > Do you think ASP scripts can do the job ? After all, anyone in ComA can

    take
    > a look at those scripts and work around that after a while. Maybe

    webclasses
    > or COM objects. Any ideas ?
    >
    > Thanks for your advice and help.
    >
    >
    > __________________
    > William
    > www.SoftwareMaker.net
    > William@SoftwareMaker.net
    >
    >




  3. #3
    Digit Guest

    Re: One for the gurus ! How would you design and solve this ?


    I like the way you think. I ran into the same problem and had to get an attorney
    involved to solve it.

    I went the route of com objects. You can place most of your code inside com
    objects with minimum changes. The bonus is you can re-use the code and it
    executes quicker. You both win.

    Digit

  4. #4
    Derek Guest

    Re: One for the gurus ! How would you design and solve this ?


    William,

    It is possible to ASPEncrypt your ASP pages (MS have a tool to do this).
    It slows down your site marginally but nobody but nobody can look into your
    ASP code.

    To avoid illegal use is a typical licensing scenario. In the past I have
    created a component that gets instatiated in the Global.asa and needs a special
    string in the application variable to work. The component changes the string
    it requires regularily. I used a secure page to post the new string to an
    admin page which updates the string in the application variable. If this
    string doesn't get updated then the site stops running (I do the check in
    a component that is used to get the applications database connection string
    (or strings if multiple DBVs are supported). If the license string check
    fails, no connections, no working application.

    There are numerous other licensing models you could use (strong name key,
    certificate signing, etc).


    Look into the ASP encryptor as this will protect your source code rights
    in any event.


    Good luck.










    "Softwaremaker" <William@softwaremaker.net> wrote:
    >
    >Hi all fellow developers,
    >
    >Say, I am developing a Web application for a company (ComA) using ASP.
    >
    >This solution after its done will be handed over to ComA. I will still retain
    >the rights to the program tho. I want this full ASP solution, once its being
    >used, to send and notify my website where my website will take note of the
    >URL (ComA's URL) and log an entry into my database (on my site) then sends
    >itself back to the ComA's URL where they will continue with the processing
    >of their application. The best would be to send back a certain value or

    parameter
    >and the application on ComA will act accordingly.
    >
    >This is to prevent unauthorised copying and infringment of the source and
    >my rights. How would you guys plan and design this ?
    >Do you think ASP scripts can do the job ? After all, anyone in ComA can

    take
    >a look at those scripts and work around that after a while. Maybe webclasses
    >or COM objects. Any ideas ?
    >
    >Thanks for your advice and help.
    >
    >
    >__________________
    >William
    >www.SoftwareMaker.net
    >William@SoftwareMaker.net
    >
    >



  5. #5
    Marcus Tucker Guest

    Re: One for the gurus ! How would you design and solve this ?


    Russell Jones makes some excellent points - I wholeheartedly agree with his
    suggestions.

    Just to clarify though, NO-ONE should rely on the MS Script Encoder to protect
    their code. It can be decrypted back to the original script VERY EASILY.
    Thus, any checking system is best left to a COM component as Russell says.

    What about using the server's specific NIC MAC address(es) - This is essentially
    a unique ID, and would be ideal for use as information to look up in your
    database to verify the license. The MAC address of the NIC bound to the internet
    connection can be obtained through scripting. I suggest recompiling your
    COM object with the hardcoded MAC address changed for each specific license
    (naturally, you would need to obfuscate and/or checksum the MAC address string
    so that it could not simply be hexedited) - or use an RC4 encrypted license
    file which you generate and deploy with each installation, which is sent
    to your live web server for authentication. It is clearly important to make
    sure that you allow for the possibility of multiple NICs in the machine,
    but no problem to accomodate.

    If any of the above isn't particularly clear, it's probably beacuse I've
    got a terrible hangover and I'm about to fall asleep, but please contact
    me via email if you need more info! (I don't visit this group on a regular
    basis)

    Good luck!

    Regards,

    Marcus Tucker
    www.marcustucker.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center