How to protect your digital assets for a server based software when your software is installed within a third party Data centre


2

We have developed a software which is server installable and is accessed by browser. We have just got our first large client which wants to use it, but wants to install it within their data center, for use by their employees.

Apart from the legal step we can take, what are the technical steps we can take to minimise chances of the code being pirated.

Our software stack is

Python + Django as the app backend.
Mysql DB

Frontend uses
Html, jquery + some flash and java for some pages.

Server: Linux based system, with Adobe FMS

We can give them complied pyc, swf and .jars but decompiling any of them is not particularly hard, and anway the complied assets can be used as they are.

In particular, can we use a hardware dongle to solve this problem?

Software Piracy

asked Jul 28 '10 at 17:39
Blank
Shabda
159 points

1 Answer


1

If you're dealing with a large, well known company, then in general you shouldn't worry too much about them pirating your software. If they do, the potential PR problem for them is pretty big.

What you should worry more about is them exceeding the amount of users (seats) sold, because they don't know how many people are using it. And for that, the easiest thing to do is to give a site/company license, so that the software doesn't count users.

In general, for the first sales, you do whatever you have to do to make it work. You need the sales.

My worry with your setup is that Operations will hate it. Python is unusual in the corporate world, I don't even know what Adobe FMS is. Many large companies have standardized their technology stack, so f.x. the Ops team could refuse to install MySQL, because they support only Oracle and MSSQL for databases. Do what you can to make this smooth, possibly install the software yourself.

As for your DRM question:

  • In the world of Java and .NET one generally uses obfuscators to make decompiling the code harder. I don't know if Python even has a obfuscator, but that could be your first thing to look at.
  • You can make your code tied to the network card (which has a unique ID embedded in the hardware), or to a dongle. There are many old dongle protection systems available for purchase. Again Ops is not going to like this, it potentially messes up their options for moving the software to another server in case of an emergency. Without obfuscation, I question how useful a dongle or NIC lock will be against a determined cracker -- after all, he can easily edit the bytecode.
  • "Call home", making the code make a periodic call to your servers, with the license key of the installation. At least makes it easy to discover when a license key is being redistributed and used in many places, and to prohibit upgrading on the hacked license keys.
  • "Outrun the hackers". Don't bother with DRM protection on the first releases of your product, because you know these releases are somewhat weak on functionality, and later releases will be much much better. So you don't add DRM before your company is somewhat larger, and the software perhaps is in version 3.x or 4.x, under the assumption that the first versions won't really be worth pirating when compared to your latest versions.

Of the above, the "outrun the hackers" would be my personal choice.

answered Jul 28 '10 at 18:56
Blank
Jesper Mortensen
15,292 points
  • Jesper: What about this, we have precreated Linux images with our software, we send their Ops these linux images. Would DRM be easier to enforce at this level than at obfuscating the Python, swf and Jars. – Shabda 14 years ago
  • @Shabda: Do you mean to create a Virtual Machine image file for f.x. VMWare, and send that to the customer? No, VM files can trivially be opened and their contents read, so it's not a hard copy protection mechanism. But it's a *great* way to avoid most of the installation headaches that I mentioned above, so I definitely think it's worth pursuing if your customers use f.x. VMWare. Regarding protection, you probably need to ask on some of the Django / Python specific forums what they use. Your question may be too specialized to get really great answers here...? – Jesper Mortensen 14 years ago
  • @shabda: wouldn't an image make it even easier to copy & deploy in an uncontrolled fashion? wouldn't want to see it on ec2... – Jim Galley 14 years ago

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Software Piracy