We have developed a software which is server installable and is accessed by browser. We have just got our first large client which wants to use it, but wants to install it within their data center, for use by their employees.
Apart from the legal step we can take, what are the technical steps we can take to minimise chances of the code being pirated.
Our software stack is
Python + Django as the app backend.
Html, jquery + some flash and java for some pages.
Server: Linux based system, with Adobe FMS
We can give them complied pyc, swf and .jars but decompiling any of them is not particularly hard, and anway the complied assets can be used as they are.
In particular, can we use a hardware dongle to solve this problem?
If you're dealing with a large, well known company, then in general you shouldn't worry too much about them pirating your software. If they do, the potential PR problem for them is pretty big.
What you should worry more about is them exceeding the amount of users (seats) sold, because they don't know how many people are using it. And for that, the easiest thing to do is to give a site/company license, so that the software doesn't count users.
In general, for the first sales, you do whatever you have to do to make it work. You need the sales.
My worry with your setup is that Operations will hate it. Python is unusual in the corporate world, I don't even know what Adobe FMS is. Many large companies have standardized their technology stack, so f.x. the Ops team could refuse to install MySQL, because they support only Oracle and MSSQL for databases. Do what you can to make this smooth, possibly install the software yourself.
As for your DRM question:
Of the above, the "outrun the hackers" would be my personal choice.