Page 1 of 1
What's the best way to code and distribute free trial
Posted: Sat Oct 09, 2010 10:21 am
by nexgen2
I sell a webscript which is written in the php language. What I want to do is create a license for each user and limit the script installation to one domain only.
Also, I want to distribute this same script as a free trial for 15 days. After that the user must upgrade. The script will call home to verify if the user has valid record in our server or not.
What's the best and "hard to crack" way to distribute license in that way?
Re: What's the best way to code and distribute free trial
Posted: Sat Oct 09, 2010 12:08 pm
by flying_circus
Either Remote File Inclusion (poor idea) or a Web Service comes to mind. I think there are methods out there to obfuscate your code, like IonCube, but your user would have to have IonCube installed on their system as well. I've never used obfuscation, so I really dont know how well it works. I suppose that doesnt really help, but maybe it will get you started.
Re: What's the best way to code and distribute free trial
Posted: Thu Oct 14, 2010 12:32 am
by Jonah Bron
But obfuscation isn't entirely foolproof, but it works adequately for the majority of cases. Unlike compiling, it can be converted back to it's original form (perhaps without meaningful variable, class, and method names). The only way to make sure is to make it depend on a remote file you control. Not just a checker. A checker could be found and removed. A dependency would force them to upgrade/follow your terms.
Also, it has to be a dependency that changes. Just calling a remote library doesn't work; they could intercept it and just put it in.
Realize of course, this is for a worst case scenario (in which case of course, it would be better to write the code in a compiled language). You might not want to deal with making sure nobody does anything without you're saying so.
Re: What's the best way to code and distribute free trial
Posted: Sat Oct 16, 2010 5:51 pm
by josh
You could just give the source code as is for the trial, with some important but small piece of functionality not present.
Re: What's the best way to code and distribute free trial
Posted: Sun Oct 17, 2010 1:21 am
by Bind
The only way to guarantee the security of your code is to keep all source code you wan tto protect on servers you control, offering a hosted service for your application. You can certainly create a front end to distribute that communicates through an API to your app.
If you distribute the code, it can be reverse engineered.
Does not matter what ofuscation service or product you use. The very best have been reverse engineered and will contiinue to be becasue PHP needs the code to compile.
Even ioncube and zend guard can be reverse engineered by reading the server memory and reconstructing the code. In fact there are 3rd party tools and services for this purpose available with a google search.
Remote code imports can easily be intercepted.
If you must distribute your code, know that if it becomes popular, it will be reverse engineered.
That said, to answer your question, the best solutions for protection of deployed source code are zend guard and ioncube. Both are commercial applications and/or services.
Now its a matter of opinion whether or not their cost is prohibative since they have both been proven to be reversable and reconstructable. I guess the question you must ask yourself is how many of your clients will buy or reverse engineer. If they reverse engineer, callbaclks are irrelevent as they can simply strip out or rwrite those sections, which makes the hosted solution a better alternative in my opinion.