java web application security,.

Hello:

I have a question regarding protection of software from piracy. I have an application written in java/j2ee which uses tomcat and mysql. I have 3 deployment scenarios:

[1] The software is hosted on a third-party  commercial software hosting solutions provider. How do I protect it from piracy ( and I am playing the devil's advocate)...by the hosting provider itself? All that the bad guys  can do is simply copy the webarchive file and deploy it in a tomcat installation of their choice! So how do I protect my web application in the aforementioned situations.

[2] The software resides in the intranet of the company. This is a corollary to the above question. How do I protect it from piracy in this case?

[3] I intend to allow users to download the application and use it for "x" number of days after which it gets disabled and asks the user to pay up. How do I ensure that the user does not reactivate the software - i.e. crack it.

I would appreciate any help / pointers to protecting hard work.

thanks
arjoshi77Asked:
Who is Participating?
 
btanExec ConsultantCommented:
Actually all can be solved with applying data confidentiality to the data at rest, and in secure translation for licensing restriction. It ideally be transparent to where it is hosted or server hosting it. There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt .... So suggesting check out available solution offering below

 http://www.safenet-inc.com/software-monetization/java-software-protection/
 http://www.validy.com/en/solutions/piracy/
0
 
arjoshi77Author Commented:
There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt

breadtan:

I am willing to understand the above mention of yours-"Understanding key management" ?
Can you direct me to good pointers/books/webpages that will allow me to implement what you said above?
I dont mind googling for the above, but I would rather trust an expert's (your) recommendation to knowledge resources.
Thanks


Thanks
0
 
btanExec ConsultantCommented:
Going simple even though it isn't for java sw, I thought these links are good start to appreciate public key infrastructure. It need not be a full fledge infra but minimally the crypto key belonging to unique licensed user remain to be the legitimately one to run the software.
 http://www.codeproject.com/Articles/99499/Implementation-of-the-Licensing-System-for-a-Softw
 http://www.codeproject.com/Articles/203840/RSA-License-Protection
0
 
ahoffmannCommented:
if you just mean copy&paste by "piracy" then the only solution is to *not* publish (or hand out) what you not want to be copied
if you mean modification in any kind by "piracy" then signing the code is the solution
anything else needs to be done by proper contracts and trust, this also applies to your "pay for license" which means that there is no way to inhibit cracking your license model and then circumvent the license check
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.