How to protect applications ? [duplicate]
https://stackoverflow.com/questions/2665870
-
27-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
This question already has an answer here:
My boss have given me assignment to find how a web based application developed in .NET can be protected. As per agreement products developed in our company are an asset of the company and even non-developers can access the code. But my boss still he wants to know how he can protect products in case a developer steals the code and tries to launch it from his home ?
Please guide how this can be controlled.
Solution
If the developer has:
- the source
- the knowledge of how the the technical aspects of the system hang together
- the knowledge of what the customers really want, beyond simple technical facilities
there isnt much you can do - things like Obfuscation and even Code Protection only kick in after a compiler has seen the code. Assuming you're going to allow the developers to compile the full end-to-end code on their machine, it's not hard to disable anything that one could ordinarily put in place to guard against customers stealing code.
Having said that, in the case of a web based application, you won't be using something like Obfuscation as a first-line of defense mechanism - only as a (tinfoil-hatted) defence in depth mitigation against the threat of decompilation after someone has compromised your site and got themselves a copy of your assemblies.
Ultimately this is why protection around stuff like this is written in legalese, not a computer language.
(BTW this is a duplicate of this question which has some great answers - which I unfortunately only discovered after retagging this)
OTHER TIPS
What if a developer memorizes the code part by part and retypes it at home day after day. Ask your boss, what would he do about that? Reset the developer's memory like in 'Men in Black'? LOL. Shrinks do have a medical term for your boss' attitude.
My advice is this: tell the boss to let it go or hire other developers that he can trust.
Just off the top of my head... rip out all their USB ports, CD rom drives, and disable their internet.
You can't protect the source code.
Any developer worth his salt knows exactly how to reproduce whatever he wrote. He is the one who made it, so he can do it again.
The only thing you can do is legally protect your products with patents and copyrights.
Tell your Boss to believe on his/her developers. And tell him/her to give Good salary to Developers. Code is written by developer, so any how they can rewrite their own code.
Legalize, and thats all that you can do.
Use source control software correctly (Visual Studio Team System has this built in). You should then know who has the code.
This won't stop anybody running the code and distributing it but would make the person who last checked it out somewhat accountable for its whereabouts.
Usually this is not a technical problem. You control developer code theft by hiring a lawyer.
It is difficult enough "protecting" redistributable .NET code, but I would think it is (nearly) impossible to protect the code against your own developers.
Update: Here's also a constructive suggestion, for the sake of the challenge. Organize developers like a spy network -- have them work on individual modules based on agreed-upon specifications in separate geographical locations, with you acting as an information hub. Integrate the modules yourself or with the help of one trusted person. In this way, none of the developers have all the pieces to make the application work "at home".
