
Protect the source code on delivery to client

Tags: c#, obfuscation

I've recently learnt that the company that will handle the installation of one of our core products have previously tried to reverse engineer suppliers' work for evil purposes. Due to this I want to learn more about how to protect our work and so far I have thought of the following:

1) Obviously to use an obfuscator. Question is which one.

2) Encrypt config files as much as possible (especially endpoint information).

3) Move as much of the logic as possible to the web service.

4) Use SSL for data transfers.

The project is written in C#/WPF and connects to a set of web services hosted on an IIS 7. We package our deliveries with WIX, does WIX have anything to provide?

I understand that in the end all binaries can be hacked and that as a minor company we should probably concentrate on writing code instead of protecting it. But these minor steps will at least make it harder. What else can be done? Does the community have any more advice regarding this? Links to internal/external resources would be much appreciated.

Avada Kedavra asked Jun 20 '11 21:06



2 Answers

Here are your options:

  • Don't give them the program, they've already abused their power
  • Have them enter into a license agreement wherein:
    • They can reverse engineer the program or even see the source code within the confines defined by your legal team
    • They can't do anything without inviting a world of legal hurt
  • Release the code as open source. You'd be surprised, if the "forbidden fruit" isn't forbidden they may just get bored and leave it alone.
  • Move the proprietary computation to your own servers, essentially making your program into a thin client.
  • Reverse engineer some of their tools. Enter into a cold-war of sorts.
  • Stock up on patents, and when you see your own code out in the wild sue the company into oblivion for violating your patent.
  • Pay the mob to run your "friends" out of town
  • Send them a basket of muffins with a note that says "PlZ st0p wit teh H4x"
  • Dress up as the ghost of professional integrity, visit each of the employees in their homes and teach them lessons about ethics and morality.
  • Buy out the company, fire all of the employees.

Chris Eberle answered Oct 25 '22 06:10


As much an agreement with @Chris as anything.

Hire an attorney and draw up the appropriate license terms.

Every so often contact the offending company and ask if they have something similar to your software for sale. In the event they say yes, get a demo. If it bears any resemblance to yours, sue them into oblivion. One of the early stages in a lawsuit of this type is discovery, at which point you'll know whether they copied your code or not.

Presto, problem solved.

Point is, the only real solution is to use the legal system.

NotMe answered Oct 25 '22 06:10