[erlang-questions] "Securing" code in Erlang when deployed on customer's machines
Thu Apr 19 09:32:26 CEST 2012
We most often use combination of many techniques to prevent and detect
Checking the environment of the software, e.g. OS parameters, hardware
configuration, MAC address. These can be put on a encrypted 'Key File'.
Also, some one time configurable customer specific parameters that are
critical to the business logic can be put on this file instead of providing
an interface to configure them. Prohibit system backup, allow only the data
backup by providing a proprietary interface. Include system signature in
the error logs and dumps. Keep track of the configuration changes in a log
file. Allow some configuration changes only within a limited period of
time. This time can be put in the key file. Timed checkpointing of the
system signature to a licence server.
Hope this helps to some extent.
On Thu, Apr 19, 2012 at 12:39 AM, Zabrane Mickael <>wrote:
> Thanks Chandru.
> Any other hint?
> On Apr 18, 2012, at 9:00 PM, Chandru wrote:
> The problem with the Quickcheck licensing model (the last time I checked)
> is that it requires a connection from the server running the code to
> Quviq's license servers. This is not always possible. If you have this
> luxury, then just setup an SSL connection to your licensing server and
> check the license using the MAC address.
> The MAC address can be spoofed, but it probably won't scale if someone
> really wants to rip you off.
> I'm not aware of a bullet proof way of enforcing license checks on a stand
> alone system. I've tried, but it just raises the bar I think, not make it
> impossible :-)
> On 18 April 2012 19:08, Zabrane Mickael <> wrote:
>> Hi guys,
>> We're planning to deploy our proprietary HTTP/1.1 WebServer (of course in
>> Erlang ;-)) on a customer website
>> next month.
>> For that, we would like to create a licensing system to ensure that it
>> will not be deployed elsewhere.
>> Someone offlist told me that "QuickCheck" has a very good licensing
>> system to protect their code
>> and manage the number of allowed users. Unfortunately, I don't know how
>> it works.
>> Any hints? Any code?
>> erlang-questions mailing list
> erlang-questions mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions