At 02:27 AM 2/17/02 -0800, Michael wrote:
>I want to develop an application using a database server. But I am concerned
>that installing it at client's sites will mean that I am potentially
>exposing my intellectual property to theft. (I'm in Asia where this sort of
>thing is rife).
Your software can be copied.
>Can security be enforced in some way by compelling each user (including
>administrator) to always have a digital certificate even if using a restored
>copy on a different server?
>
If people really want to they can disable the checks on your program.
So even if you give each of them an individual cert (signed by your CA) and
make the program check the cert or decrypt itself using the results of
verifying the cert, people can always step through the program retrieve the
decrypted program and remove the checks and voila cracked program. You'd
still likely know whose copy was cracked but you can't stop the copying
unless as part of it's function the program needs to talk to other entities
that require presentation of a _valid_ unrevoked certificate.
---
There's one thing to consider tho, even in Asia people at certain market
ranges are willing to pay just to know that there can be support and
maintenance. At those levels they may not want to pay a lot, but they
aren't going to copy your stuff from someone else for free and try to get
it to run (the few that are are stupid|nuts|nasty and you don't want to
deal with them anyway). That has been my experience so far.
Applications with DB's stuck in them typically belong in these market
ranges (not all tho). In fact you can often pull the per user/seat license
sort of thing without any software controls - the sales people just need to
pay friendly visits to them from time to time to see whether their needs
have changed (easy sale - they are already using more, so obviously they
need+like it :) ).
So if your application falls within this range, then I don't think you need
to worry too much.
But if it's at the consumer end (where support = wall paper music over the
phone, maintenance = user self upgrades to next version ), then oh well
good luck, maybe your app will be on a CD with a dozen other apps for USD3
at some night bazaar sometime ;)...
Regards,
Link.
