[asterisk-biz] Protect Source Code based software

Alex Balashov abalashov at evaristesys.com
Fri Dec 4 11:33:17 CST 2009 

Another approach is to build a "black box" appliance that the customer 
does not have access to, and which is only reachable by you through a 
management VPN or similar setup.

Some customers would understandably object to this, but it is easier to 
stomach if the product is delivered as a "complete solution" and/or a 
"managed" offering rather than just off-the-shelf.  However, the former 
is pretty much the only way to sell this type of software into the 
enterprise market anyway, so you may not encounter so much resistance there.

Obviously, this won't stop the people that want to break into your box 
and poke around anyway.  But again, you're aiming for the 80-90% that 
would only do it if the code were right in front of them.

Alex Balashov wrote:

> My experience is that there are certain people in the world that will 
> want to pirate your program, or examine/use your code in some capacity. 
>  You cannot stop them.  However, most people are opportunistic to some 
> extent;  they will do things you don't want them to do if it's 
> effortless or nearly effortless to do so.  They can easily be 
> incentivised to do what you want by making the process of getting around 
> your restrictions just tough enough that it's not worth their time.
> 
> So, you need to come up with a technique that will deter ordinary people 
> through sheer inconvenience, rather than naively believe that you can 
> stop determined crackers and elite reverse engineering specialists.  The 
> latter are people who wouldn't pay you money anyway, and will steal your 
> stuff if that's what they want to do.
> 
> I think one of the best ways is to pepper your code with a few calls to 
> basic library routines that are implemented in a statically compiled 
> binary or reloadable ELF module.  Do this just enough that the software 
> won't really work without these calls.  Someone determined can figure 
> out what the calls are and re-implement them, disassemble your binary, 
> etc.  But it will stop the people that give up and just go get their 
> manager to authorise a purchase order for a resale license instead.
> 
> Ignacio Ramos wrote:
> 
>> Hello frieds, we have finished the development of a high-enterprise
>> multi-tenant call center and we are about to install it the client's
>> NOC. How ever, we are a little worried about the client getting our
>> software and reselling it, since we will install all the
>> Asterisk+PHP+Ajax source code in their servers.
>>
>> So I would like to know, how do you protect your OpenSource-based
>> software from being copy&paste? Do you install only the executable
>> files? what program do you use for that?
>>
>> Thanks
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-biz mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-biz
> 
> 


-- 
Alex Balashov - Principal
Evariste Systems
Web     : http://www.evaristesys.com/
Tel     : (+1) (678) 954-0670
Direct  : (+1) (678) 954-0671

More information about the asterisk-biz mailing list