[Web Dev] Let's discuss anti-piracy/branding removal techniques

Status
This thread has been locked.

1amDev

Designer & Developer
Supreme
Feedback score
30
Posts
511
Reactions
844
Resources
0
Possibly the best way that I have thought of would be creating a very own API key to check and see if that key is active. Developers will be able to enable/disable the keys in order for the site to either work or not work. This would take quite a lot of work to build and make though. There are some other ways that I have thought of but if the client is smart enough, they can still get around it. Still working on some ideas and what not for it :)

Best regards,
Michael // 1amDev
 

Wvisoecj

Supreme
Feedback score
9
Posts
471
Reactions
677
Resources
0
Possibly the best way that I have thought of would be creating a very own API key to check and see if that key is active. Developers will be able to enable/disable the keys in order for the site to either work or not work. This would take quite a lot of work to build and make though. There are some other ways that I have thought of but if the client is smart enough, they can still get around it. Still working on some ideas and what not for it :)

Best regards,
Michael // 1amDev
I'm facing that issue of deciding on releasing code for paying customers or hosting it myself for them. The latter will take more work but I had some ideas for distribution with an API key and a script that will attempt to download the files.

I wouldn't share my secrets on the forum but if anyone want's to bounce ideas let me know :p
 

omarhachach

Your Friendly Neighbourhood Snorlax
Supreme
Feedback score
14
Posts
627
Reactions
359
Resources
0
Possibly the best way that I have thought of would be creating a very own API key to check and see if that key is active. Developers will be able to enable/disable the keys in order for the site to either work or not work. This would take quite a lot of work to build and make though. There are some other ways that I have thought of but if the client is smart enough, they can still get around it. Still working on some ideas and what not for it :)

Best regards,
Michael // 1amDev
This is the best idea posted here yet, but there are some pretty heavy downsides here:
If the developers servers ever go down, they will not be able to use their site, even if they bought it legitly.
If the developer ever changes the system, they will not be able to use their site.
And if you do anything to try and compensate for these 2 issues, you would compromise security as well. As anything that would allow any of these 2 things to work without the developers server, it would be able to work without it at any time.

The best way is by far to just host one key thing on your server, and if that API key matches, give that key thing. This has the downside mentioned before, as well as taking longer to request for the end user.
You can do this with a very small file, like a very key file, but a very small one - this could be a single key function in one file.

If you're the troller type of guy, you can make the hashing function for passwords (if it is used) be off loaded to your server, and if the API Key function is removed from the code (or is invalid), it will upload the plaintext password to the database instead. This is will of course, require computing power on your side, and will probably hurt the legit buyers.

If you want to go all out, you can encode your PHP. Using something like this: http://www.zend.com/en/products/zend-guard, http://www.ioncube.com/ (recommended), http://phpshadow.com/ and http://www.sourceguardian.com/
This is the ultimate and best solution. It is far from perfect though.

Hope I could help :)
 
Last edited:
Status
This thread has been locked.
Top