Slightly off topic : Reducing piracy/licensing etc...

[Rob Meade]

Hi all,

I've written an application that's currently being used by 1 company, and
soon to be used by another. I was thinking the other day how as this is all
just written in ASP - ie, no .dll's or anything else, I have very few ways
to prevent anyone working at these companies taking a copy of the
application and distributing it to other people.

Whilst they'd probably need to know ASP and have a good database
knowledege - it would still be possible.

I would like to try and reduce the possibility of this happening as much as
possible. I am soon going to issue a license number to the company using
it, they will then be able to use this with their details to login to our
server for updates and so on - so I can restrict what people get that way I
suppose.

What I was wondering was whether I should take the 'login' page completely
out of the application at the clients end and put it on our own servers -
ie, they login with their username/password/license number and then get sent
back to the application at their end - but even this is not really 'secure',
plus anyone with a little ASP knowledge could just remove the security code
in the application at the moment if they really wanted too... (hehe, maybe I
shouldn't have commented the code )...

So, does anyone have any good ideas on how to reduce (note I dont say
prevent) the chances of my application being distributed for free etc? I
normally wouldn't be too bothered, but it took around 6 months to develop,
they've been using it since April this year and seem happy with it, and
there has been a lot more work done on it since, I'm sure it could be
better, but for me its something I'm quite proud of.

Any information would be appreciated, any URL's etc...

Thanks in advance,

Regards

Rob

 

[Phill Intvariant]

Making the jump from well formed VBscript to an active-x DLL is much easier
than you might expect.
After reading through the following tutorial I was able to get a couple of
my VBscript functions up and running in the course of one evening..

http://www.tutorial-web.com/asp/dll/index.asp

it's really nice being able tuck away all your logic in a DLL and just
instantiate when you need to access a large chunck of code.

 

[mark | r]

have it send an email to you with the offending ip address, web space
username and password when ever its activated. then you can log in yourself
and validate the purchase.

or slap the user

mark

 

[Rob Meade]

...

have it send an email to you with the offending ip address, web space
username and password when ever its activated. then you can log in yourself
and validate the purchase.

Aye, I thought of something similar, maybe giving the license upto 3 IP
addresses for the user who's bought it etc, or just one and they can buy
more licenses for the others etc (I like the money for nothing
theory!)...but again, the user would *still* be able to remove this ASP if
they were 'o-fay' (sp?) with ASP.

or slap the user

hehe- a slappin' sounds good ;o)

Rob

 

[Rob Meade]

...

Making the jump from well formed VBscript to an active-x DLL is much easier
than you might expect. After reading through the following tutorial I was able to get a couple of
my VBscript functions up and running in the course of one evening..

http://www.tutorial-web.com/asp/dll/index.asp

it's really nice being able tuck away all your logic in a DLL and just
instantiate when you need to access a large chunck of code.

I guess I could just tuck away the login stuff, and then use something along
the lines of what mark|r posted in conjunction with it....wondering now how
easy it would be for a user to circumvent the .dll though! hehe...

The joys of coding!

Rob

 

[Mark Schupp]

it would probably be fairly easy to bypass the login page.

identify a section of your application that you feel is critical to it's
operation and that would not be easy to duplicate from scratch and put that
into a DLL. Check the license when that part of the application is entered.

 

[Rob Meade]

...

it would probably be fairly easy to bypass the login page.

identify a section of your application that you feel is critical to it's
operation and that would not be easy to duplicate from scratch and put that
into a DLL. Check the license when that part of the application is

entered.

Hello again Mark )

Yes, I can think of 2 vital areas without which the application is
completely pointless, but they are 'big' sections - this would require quite
a lot of work, but worth it I guess...

I suppose my next hurdle will be clients that want to use my application
that dont have their own web servers and use a hosting company which do not
allow the installation of custom .dll's /

Identifying this as a requirement of the application from the outset is one
thing, but I dont expect many people are likely to want to change hosts for
this - I could be wrong...

Rob

 

[Mark Schupp]

If you are using JScript then you will probably have to re-code the
indicated pages to create a DLL.

There are tools that can help convert VBScript ASP pages to VB DLLs. We used
one called ASPLightning a several years ago to convert our entire
application to a DLL. I wasn't completely happy with the way the conversion
ran (the tool was in BETA at the time) so we started doing new development
on the app directly in the DLLs. If the tool is still available I expect
that it is more sophisticated now. There are also several other tools out
there I think. Check aspfaq.com.

It is also not terribly difficult to move VBScript into a DLL manually. Most
of the VBScript syntax is valid in VB.

 

[mark | r]

not if the checking is a URL on your site?

mark

...


Aye, I thought of something similar, maybe giving the license upto 3 IP
addresses for the user who's bought it etc, or just one and they can buy
more licenses for the others etc (I like the money for nothing
theory!)...but again, the user would *still* be able to remove this ASP if
they were 'o-fay' (sp?) with ASP.


hehe- a slappin' sounds good ;o)

Rob