4 Replies Latest reply on Dec 1, 2005 2:36 PM by elkner

    How to copy protect an EAR?

      Hi all,

      I have a J2EE project in JBoss/MySQL that I would like to copy protect. If the EAR runs on our server then it's protected. But if a customer in China wants the app hosted on their server on-site, I fear that our code may get stolen.

      I would like to protect the EAR such that it validates its license before running. So, if the machine is not the licensed machine OR the time period has elapsed OR the app detects a usage pattern in excess of what the license allows it will stop running.

      Rather than write custom code to do this, can anyone give me advice as to how others are doing this or if there is some package we can buy or code we can use? Copy protection is something I am not familiar with at all.

      Many thanks in advance,
      Joe

        • 1. Re: How to copy protect an EAR?

          Such a thing can not be achieved reliably if the code is in the hands of the foe. You can not make any code tamper-safe. All code you give away is untrusted.

          • 2. Re: How to copy protect an EAR?
            patrick_ibg

            Probably the best you can do is to obfuscate the code. They can still reverse engineer it, but it would be much harder. (Hopefully, to the point where it'd be much easier for them to code it from scratch than to re-use your code.)

            • 3. Re: How to copy protect an EAR?

              Well, suggestions for how to "execute" protect an EAR file?

              I was thinking that in order for the app to run one would have to upload an encrypted license file. It would contain some limits for how long to run and how many records to make and a check for processor id. If the validation failed, then no one could log in.

              Any comments?

              Thanks!

              • 4. Re: How to copy protect an EAR?
                elkner

                 

                "oglueck" wrote:
                You can not make any code tamper-safe. All code you give away is untrusted.


                Hmmm, not even if archives are signed?

                Actually my concern is not really reverse-engineering, but rather a way to assure users that they have the "right/original" archive.
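
The license check proposed in reply 3, sketched as an added example that is not code from any poster in this thread. It uses a vendor signature over a plain-text license instead of encryption, since the server needs to detect edits rather than hide the limits; the class name, the field names `machine`, `expires` and `maxRecords`, and the sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.LocalDate;
import java.util.HashMap;
import java.util.Map;

public class LicenseCheck {
    // Returns null if the license is acceptable, otherwise the reason for rejection.
    static String validate(String payload, byte[] sig, PublicKey vendorKey, String machineId,
                           LocalDate today, long recordCount) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(vendorKey);
        v.update(payload.getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) return "bad signature"; // trust no field until this passes
        Map<String, String> f = new HashMap<>();
        for (String line : payload.split("\n")) {
            String[] kv = line.split("=", 2);
            if (kv.length == 2) f.put(kv[0].trim(), kv[1].trim());
        }
        try { // fail closed on missing or unparsable fields
            if (!machineId.equals(f.get("machine"))) return "wrong machine";
            if (today.isAfter(LocalDate.parse(f.get("expires")))) return "expired";
            if (recordCount > Long.parseLong(f.get("maxRecords"))) return "record limit exceeded";
        } catch (RuntimeException e) {
            return "malformed license";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the vendor keeps the private key; only the public key ships in the EAR.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair vendor = g.generateKeyPair();
        String payload = "machine=HOST-A\nexpires=2030-01-01\nmaxRecords=1000";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendor.getPrivate());
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        byte[] sig = s.sign();
        LocalDate today = LocalDate.of(2029, 6, 1);
        System.out.println("valid:    " + validate(payload, sig, vendor.getPublic(), "HOST-A", today, 10));
        System.out.println("copied:   " + validate(payload, sig, vendor.getPublic(), "HOST-B", today, 10));
        System.out.println("overuse:  " + validate(payload, sig, vendor.getPublic(), "HOST-A", today, 5000));
        String edited = payload.replace("2030", "2099");
        System.out.println("tampered: " + validate(edited, sig, vendor.getPublic(), "HOST-A", today, 10));
    }
}
```

The signature shows that the license came from the vendor and was not edited. As reply 1 says, the check itself runs in code the customer holds, so it sets a licensing boundary rather than a tamper-proof one.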