6 Replies - 1474 Views - Last Post: 15 February 2012 - 08:00 PM

#1 Macjohn  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 80
  • View blog
  • Posts: 407
  • Joined: 10-April 09

Protect your code.

Posted 31 January 2012 - 05:23 AM

Hey guys...

I'm a bit lost here... I've been creating a small app in php to one of my jobs, where they can organize the blueprints with the location of the computers and their name and all that stuff related to it.
And I kinda over heard some guys from the the small company that gives them technical support that they were very interested in downloading it to them.

I know that is not a million dollar app but is my app, I did it in my spare time and "gave" it to the company so the person that replaces me when I'm not there can use it and not some other people to their own use.
So I would like to know what do you guys think and what are your propositions.

Is This A Good Question/Topic? 0
  • +

Replies To: Protect your code.

#2 tlhIn`toq  Icon User is online

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5513
  • View blog
  • Posts: 11,821
  • Joined: 02-June 10

Re: Protect your code.

Posted 31 January 2012 - 07:51 AM

First is code obfuscation. Something like Dotfuscator, to make the compiled code unreachable to dis-assemblers. Or at the very least very very hard to read. All of your methods in the installed executable are renamed, hidden, overrriden and so on to thwart hackers.

The next is some type of hardware requirement. There are professional software security dongles like the Aladdin HASP or the KeyLok fortress. Your software checks for the presense of the hardware dongle, checks for bits written to its own memory for permission to run etc. No dongle, no execution.

But there are some tricks for making your own hardware requirement without spending the money for professional dongles. Have your software require a specific file on a USB flash drive. Maybe you can use a second program to make an encrypted configuration text file. If the program can't configure itself, it can't run. Or some encrypted constants. For example, if your software goes to the flash drive for the values of one and 10 in an encrypted file. If it can't get the values it knows to not run.
Was This Post Helpful? 3
  • +
  • -

#3 baavgai  Icon User is online

  • Dreaming Coder
  • member icon

Reputation: 5826
  • View blog
  • Posts: 12,681
  • Joined: 16-October 07

Re: Protect your code.

Posted 31 January 2012 - 11:27 AM

PHP is all pretty much source code. Obfuscation really can only get you so far. And if someone who thinks they can just pass your code around already has it, you're pretty much done.

You can be explicit about the kind of software licence the code is under. GNU would prevent people from just selling it; well, legally, anyway.

Frankly, who cares? Are you going to sell it? If not, it doesn't really matter. What one programmer can do, another can. The fun is in actually doing it. If you think it's cool, and want money, try to sell it. Once it's out there with you name on it, it's harder to just take. If you don't want cash, but think someone would find it useful, open source it. Show off those mad skills.
Was This Post Helpful? 3
  • +
  • -

#4 Macjohn  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 80
  • View blog
  • Posts: 407
  • Joined: 10-April 09

Re: Protect your code.

Posted 31 January 2012 - 11:49 PM

Thank you for the responses.

No, the idea is not to sell it, is just a small app to make me and my colleage gain some time.
The problem is not letting them have it, the problem is that they didn't asked for it.
They have the "alpha" version that I used to show my boss but that's all.

And for the license, I really don't know how that works.

What I will probably do is create a "key" file to put it to work that i'll save in a usb pen.
But i guess your right, when I created it, was for the fun and not for something else.

I'm allready at the release Version, so probably gonna study how those GNU licenses work, and put it online for everybody to take it. I know that some buddys from school are interested for theyr jobs.

Once again, thanks for the responses!

This post has been edited by Macjohn: 31 January 2012 - 11:51 PM

Was This Post Helpful? 0
  • +
  • -

#5 no2pencil  Icon User is offline

  • Toubabo Koomi
  • member icon

Reputation: 5307
  • View blog
  • Posts: 27,208
  • Joined: 10-May 07

Re: Protect your code.

Posted 31 January 2012 - 11:53 PM

Be prepared to answer questions as to why you are not allowing your employer to do what they want with what is theirs.

I'm not suggesting you've done anything wrong, but if you take an aggressive measure be prepared to defend it.
Was This Post Helpful? 0
  • +
  • -

#6 Macjohn  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 80
  • View blog
  • Posts: 407
  • Joined: 10-April 09

Re: Protect your code.

Posted 01 February 2012 - 02:25 AM

;)
Just took care of it! Talked to my boss(person responsible)...
Explained the situation, and he is allright with it.
That way if they want it they i'll have to ask me the permission.
Thank you for the info!

But I'll give them the app if they ask, and if they pay me a cofee.
:whistling:


PS:
That would be a pretty good idea for a tutorial, what do you think?

This post has been edited by Macjohn: 01 February 2012 - 02:47 AM

Was This Post Helpful? 0
  • +
  • -

#7 stackoverflow  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 164
  • View blog
  • Posts: 545
  • Joined: 06-July 11

Re: Protect your code.

Posted 15 February 2012 - 08:00 PM

Security by obscurity is not security. Anyone that thinks obfuscating code is going to protect it is living in a dream.

If 'security' for the company or users, you should really ask yourself if open sourcing is really a bad thing. If more people can look at the code and help fix flaws then there's a better chance your code will be secure. If not, it's up to you to find every flaw. Keep in mind an attacker only needs to find one flaw, with or without your help. I can guarantee the attackers will be very skilled and something like obfuscation is just a joke.

If you are not confident enough to open the source and have an attacker find a flaw then you should probably not rely on that code anyway. If you do rely on it, the chances are you are living in a false sense of security.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1