Solved

java web application security,.

Posted on 2012-03-24
4
673 Views
Last Modified: 2012-04-09
Hello:

I have a question regarding protection of software from piracy. I have an application written in java/j2ee which uses tomcat and mysql. I have 3 deployment scenarios:

[1] The software is hosted on a third-party  commercial software hosting solutions provider. How do I protect it from piracy ( and I am playing the devil's advocate)...by the hosting provider itself? All that the bad guys  can do is simply copy the webarchive file and deploy it in a tomcat installation of their choice! So how do I protect my web application in the aforementioned situations.

[2] The software resides in the intranet of the company. This is a corollary to the above question. How do I protect it from piracy in this case?

[3] I intend to allow users to download the application and use it for "x" number of days after which it gets disabled and asks the user to pay up. How do I ensure that the user does not reactivate the software - i.e. crack it.

I would appreciate any help / pointers to protecting hard work.

thanks
0
Comment
Question by:arjoshi77
  • 2
4 Comments
 
LVL 62

Accepted Solution

by:
btan earned 333 total points
ID: 37761929
Actually all can be solved with applying data confidentiality to the data at rest, and in secure translation for licensing restriction. It ideally be transparent to where it is hosted or server hosting it. There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt .... So suggesting check out available solution offering below

 http://www.safenet-inc.com/software-monetization/java-software-protection/
 http://www.validy.com/en/solutions/piracy/
0
 

Author Comment

by:arjoshi77
ID: 37762303
There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt

breadtan:

I am willing to understand the above mention of yours-"Understanding key management" ?
Can you direct me to good pointers/books/webpages that will allow me to implement what you said above?
I dont mind googling for the above, but I would rather trust an expert's (your) recommendation to knowledge resources.
Thanks


Thanks
0
 
LVL 62

Assisted Solution

by:btan
btan earned 333 total points
ID: 37762816
Going simple even though it isn't for java sw, I thought these links are good start to appreciate public key infrastructure. It need not be a full fledge infra but minimally the crypto key belonging to unique licensed user remain to be the legitimately one to run the software.
 http://www.codeproject.com/Articles/99499/Implementation-of-the-Licensing-System-for-a-Softw
 http://www.codeproject.com/Articles/203840/RSA-License-Protection
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 167 total points
ID: 37765079
if you just mean copy&paste by "piracy" then the only solution is to *not* publish (or hand out) what you not want to be copied
if you mean modification in any kind by "piracy" then signing the code is the solution
anything else needs to be done by proper contracts and trust, this also applies to your "pay for license" which means that there is no way to inhibit cracking your license model and then circumvent the license check
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
The viewer will learn how to implement Singleton Design Pattern in Java.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now