Reputation: 8691
Protect the source code on delivery to client
I've recently learnt that the company that will handle the installation of one of our core products have previously tried to reverse engineer suppliers' work in evil purposes. Due to this I want to learn more about how to protect our work and so far I have thought of the following:
1) Obviously to use an obfuscator. Question is which one.
2) Encrypt config files as much as possible (especially endpoint information).
3) Move as much of the logic as possible to the web service.
4) Use SSL for data transfers.
The project is written in C#/WPF and connects to a set of web services hosted on a IIS 7. We package our deliveries with WIX, does WIX have anything to provide?
I understand that in the end all binaries can be hacked and that as a minor company we should probably concentrate on writing code instead of protecting it. But these minor steps will at lease make it harder. What else can be done? Does the community have any more advices regarding this? Links to internal/external resources would be much appreciated.
Upvotes: 7
Views: 2369
Answers (3)
Reputation: 18815
Actually I think that your 4 points cover what you can do (realistically) very well. The only thing I would add is the appropriate clause in your licence.
If someone wants to steal, they will steal.
Edit: oh, RE Obfuscator as much as I hate to recommend Red Gate after their reflector treatment, their Smart Assembly is very good.
Upvotes: 2
Reputation: 48785
Here are your options:
- Don't give them the program, they've already abused their power
- Have them enter into a license agreement wherein:
- They can reverse engineer the program or even see the source code within the confines defined by your legal team
- They can't do anything without inviting a world of legal hurt
- Release the code as open source. You'd be surprised, if the "forbidden fruit" isn't forbidden they may just get bored and leave it alone.
- Move the proprietary computation to your own servers, essentially making your program into a thin client.
- Reverse engineer some of their tools. Enter into a cold-war of sorts.
- Stock up on patents, and when you see your own code out in the wild sue the company into oblivion for violating your patent.
- Pay the mob to run your "friends" out of town
- Send them a basket of muffins with a note that says "PlZ st0p wit teh H4x"
- Dress up as the ghost of professional integrity, visit each of the employees in their homes and teach them lessons about ethics and morality.
- Buy out the company, fire all of the employees.
Upvotes: 16
Reputation: 88074
As much an agreement with @Chris as anything.
Hire an attorney and draw up the appropriate license terms.
Every so often contact the offending company and ask if they have something similar to your software for sale. In the event they say yes, get a demo. If it bears any resemblence to yours, sue them into oblivion. One of the early stages in a lawsuit of this type is discovery. At which point you'll know whether they copied your code or not.
Presto, problem solved.
Point is, the only real solution is to use the legal system.
Upvotes: 3
Related Questions
- How to encrypt c# code so that it wont be easy to decompile and read
- Protect .NET code from reverse engineering?
- Ways to obfuscate c#/silverlight source code
- How to secure an API written in .Net
- Protecting my code from reverse engineering
- Hide c# windows application source code
- Is it possible to obfuscate raw C# source code?
- Protect source code of an ASP.NET website
- Manually obfuscating code?
- .NET obfuscation of a DLL: how can I protect my code?