Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

java web application security,.

Posted on 2012-03-24
4
Medium Priority
?
796 Views
Last Modified: 2012-04-09
Hello:

I have a question regarding protection of software from piracy. I have an application written in java/j2ee which uses tomcat and mysql. I have 3 deployment scenarios:

[1] The software is hosted on a third-party  commercial software hosting solutions provider. How do I protect it from piracy ( and I am playing the devil's advocate)...by the hosting provider itself? All that the bad guys  can do is simply copy the webarchive file and deploy it in a tomcat installation of their choice! So how do I protect my web application in the aforementioned situations.

[2] The software resides in the intranet of the company. This is a corollary to the above question. How do I protect it from piracy in this case?

[3] I intend to allow users to download the application and use it for "x" number of days after which it gets disabled and asks the user to pay up. How do I ensure that the user does not reactivate the software - i.e. crack it.

I would appreciate any help / pointers to protecting hard work.

thanks
0
Comment
Question by:arjoshi77
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1332 total points
ID: 37761929
Actually all can be solved with applying data confidentiality to the data at rest, and in secure translation for licensing restriction. It ideally be transparent to where it is hosted or server hosting it. There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt .... So suggesting check out available solution offering below

 http://www.safenet-inc.com/software-monetization/java-software-protection/
 http://www.validy.com/en/solutions/piracy/
0
 

Author Comment

by:arjoshi77
ID: 37762303
There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt

breadtan:

I am willing to understand the above mention of yours-"Understanding key management" ?
Can you direct me to good pointers/books/webpages that will allow me to implement what you said above?
I dont mind googling for the above, but I would rather trust an expert's (your) recommendation to knowledge resources.
Thanks


Thanks
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1332 total points
ID: 37762816
Going simple even though it isn't for java sw, I thought these links are good start to appreciate public key infrastructure. It need not be a full fledge infra but minimally the crypto key belonging to unique licensed user remain to be the legitimately one to run the software.
 http://www.codeproject.com/Articles/99499/Implementation-of-the-Licensing-System-for-a-Softw
 http://www.codeproject.com/Articles/203840/RSA-License-Protection
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 668 total points
ID: 37765079
if you just mean copy&paste by "piracy" then the only solution is to *not* publish (or hand out) what you not want to be copied
if you mean modification in any kind by "piracy" then signing the code is the solution
anything else needs to be done by proper contracts and trust, this also applies to your "pay for license" which means that there is no way to inhibit cracking your license model and then circumvent the license check
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question