[erlang-questions] "Securing" code in Erlang when deployed on customer's machines

Jon Watte jwatte@REDACTED
Fri Apr 20 04:05:08 CEST 2012


Heavy anti-piracy engineering never works for popular software. If someone
really wants to pirate your stuff, they will.

They can clone the hard disks, and the hardware, and spin up as many
virtual copies as they want.
They can disassemble your binaries, and patch out the "branch-not-equal"
you use to check any arbitrary condition.

It's OK to put in a simple "lock" which "keeps honest users honest."
Ideally, this lock is no hassle -- the more complex it is, the more likely
your legitimate users are to actually use the cracked version of the
software, even though they paid for it.

If your system is anything more complex than, say, "every three hours, the
system makes a HTTP request with some statistics to your web server, and if
your web server doesn't answer OK, after three days the system will start
slowing down requests" then you're probably solving the wrong problem.

The alternative is to make software that nobody wants to pirate. But that's
usually not a good long-term solution.

Providing real value to your customers for being your customers is what's
important, because if your customer makes more money when they pay you,
than when they don't pay you, what do you think they're going to do? :-)

And, finally -- if your work is really so much "secret sauce," then why
don't you host it for the customer? Let the customer send you the content,
and host it on a cloud infrastructure of some sort (Amazon, Heroku,
Rackable, VMWare, etc.) That way, nobody sees the software except you.


Sincerely,

Jon Watte


--
"I pledge allegiance to the flag of the United States of America, and to
the republic for which it stands, one nation indivisible, with liberty and
justice for all."
~ Adopted by U.S. Congress, June 22, 1942



On Wed, Apr 18, 2012 at 11:08 AM, Zabrane Mickael <zabrane3@REDACTED>wrote:

> Hi guys,
>
> We're planning to deploy our proprietary HTTP/1.1 WebServer (of course in
> Erlang ;-)) on a customer website
> next month.
>
> For that, we would like to create a licensing system to ensure that it
> will not be deployed elsewhere.
>
> Someone offlist told me that "QuickCheck" has a very good licensing system
> to protect their code
> and manage the number of allowed users. Unfortunately, I don't know how it
> works.
>
> Any hints? Any code?
>
> Regards,
> Zabrane
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120419/2893824c/attachment.htm>


More information about the erlang-questions mailing list