Software Protection for MV applications – Part 2
Continuing from yesterday’s blog on this topic, here I’ll present my solution to the problem of software protection – and ask if anyone else is interested in using this solution…
Over the years I’ve created several products for the MV market. Almost all of these are developer tools, created with the intention that developers would write code using the tools and then deploy the code to end-user systems. In some cases the end-user component is not licensed because it’s the developer that is the target audience. Free run-time deployment can be very attractive. In other cases it’s exactly the opposite, like with NebulaXLite, where we give free licenses to all developers but we do have a small license fee for end-user systems. Like other tool developers I needed to write software protection code with the following goals:
- It must protect our assets regardless of the target audience.
- It must work for all major DBMS platforms.
- It must work for all major OS platforms.
- It must recognize system uniqueness, even for different sites that use the same hostnames and IP addresses.
- One code base must work for all products and releases.
- It must be simple for everyone, and employ familiar techniques to ensure people are comfortable with the process.
- It must support trial licenses and permanent licenses.
As I was developing NebulaXLite I was simultaneously developing the licensing code. In fact for the last ten months (until just a couple days ago, darnit) there wasn’t any real issue with NebulaXLite itself – all of the issues reported had to do with the licensing mechanism. In short I get requests to support NebulaXLite on a new DBMS and/or OS platform, and while NebulaXLite itself works anywhere (it’s just MV BASIC), the licensing mechanism needs to support the platform. So the first couple attempts to support a new platform take a few hours or days but afterward we can announce that the product is supported for yet another platform. At this point all of the above goals have been achieved and the licensing mechanism is quite mature and stable.
That’s good for me but what about anyone else? Well, the licensing mechanism does work for all products so it will work for non-Nebula products as well. So I’d like to offer this as a new Nebula R&D product. Here’s how it works:
-
You send your software to whomever you wish.
-
They install the MV components per your instructions.
-
They run a program that generates an encoded item, like MYPRODUCT.REQUEST.
-
They email that to you.
-
You run a program on your system that extracts the following information:
-
DBMS ID
-
OS ID
-
Product ID and related Version info (Major, Minor, Build)
-
Unique token for the environment
-
-
You return to the user another text block which they put into an item called MYPRODUCT.KEY.
-
The software then continues to work on that system only, until the expiry date which you specify.
-
There are no links to Nebula R&D, no dependencies on our availability, etc.
-
We maintain this code like any other product, providing enhancements like new platform support, new algorithms (in case the existing one is compromised), feature-level activations, etc.
Before making this a new Nebula-branded offering however, I’m wondering how many tool and application developers are even interested in protecting their software using this sort of mechanism.
Another approach to this might be for Nebula R&D to provide components that activate end-user software, and for us to manage the licensing. For example, your end-user might have a permanent license for NebulaXLite, but do you want them to have a permanent license for your software as well? For a small maintenance fee we can provide a product-specific key for your software, so the end-user will get all of their licenses from one source. Of course we would make sure that end-users only get the licenses you authorize. For some developers that’s ideal and for others it puts too much control into someone else’s hands. This is why we’d offer the licensing software itself as a product, so that you can licensing your own code. (And no, because this is product-specific someone with the licensing mechanism would not be able to unlock someone else’s product.)
I’m really not sure yet what people think of this so comments are welcome. It could be that this would have been a great offering 15 years ago when new apps were still being developed for MV, but these days there isn’t the same sort of new development going on, and most products may already have their licensing models in place. But I have to believe that there are still some developers out there who are concerned about their software "walking away" and people who don’t look forward to finding out that they have hundreds of happy but unlicensed users in some third-world countries.
So if you want to comment briefly, do so here. If you’d like to discuss this extensively, please post to our forum or email.