• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 818
  • Last Modified:

java web application security,.

Hello:

I have a question regarding protection of software from piracy. I have an application written in java/j2ee which uses tomcat and mysql. I have 3 deployment scenarios:

[1] The software is hosted on a third-party  commercial software hosting solutions provider. How do I protect it from piracy ( and I am playing the devil's advocate)...by the hosting provider itself? All that the bad guys  can do is simply copy the webarchive file and deploy it in a tomcat installation of their choice! So how do I protect my web application in the aforementioned situations.

[2] The software resides in the intranet of the company. This is a corollary to the above question. How do I protect it from piracy in this case?

[3] I intend to allow users to download the application and use it for "x" number of days after which it gets disabled and asks the user to pay up. How do I ensure that the user does not reactivate the software - i.e. crack it.

I would appreciate any help / pointers to protecting hard work.

thanks
0
arjoshi77
Asked:
arjoshi77
  • 2
3 Solutions
 
btanExec ConsultantCommented:
Actually all can be solved with applying data confidentiality to the data at rest, and in secure translation for licensing restriction. It ideally be transparent to where it is hosted or server hosting it. There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt .... So suggesting check out available solution offering below

 http://www.safenet-inc.com/software-monetization/java-software-protection/
 http://www.validy.com/en/solutions/piracy/
0
 
arjoshi77Author Commented:
There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt

breadtan:

I am willing to understand the above mention of yours-"Understanding key management" ?
Can you direct me to good pointers/books/webpages that will allow me to implement what you said above?
I dont mind googling for the above, but I would rather trust an expert's (your) recommendation to knowledge resources.
Thanks


Thanks
0
 
btanExec ConsultantCommented:
Going simple even though it isn't for java sw, I thought these links are good start to appreciate public key infrastructure. It need not be a full fledge infra but minimally the crypto key belonging to unique licensed user remain to be the legitimately one to run the software.
 http://www.codeproject.com/Articles/99499/Implementation-of-the-Licensing-System-for-a-Softw
 http://www.codeproject.com/Articles/203840/RSA-License-Protection
0
 
ahoffmannCommented:
if you just mean copy&paste by "piracy" then the only solution is to *not* publish (or hand out) what you not want to be copied
if you mean modification in any kind by "piracy" then signing the code is the solution
anything else needs to be done by proper contracts and trust, this also applies to your "pay for license" which means that there is no way to inhibit cracking your license model and then circumvent the license check
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now