Solved

java web application security,.

Posted on 2012-03-24
4
723 Views
Last Modified: 2012-04-09
Hello:

I have a question regarding protection of software from piracy. I have an application written in java/j2ee which uses tomcat and mysql. I have 3 deployment scenarios:

[1] The software is hosted on a third-party  commercial software hosting solutions provider. How do I protect it from piracy ( and I am playing the devil's advocate)...by the hosting provider itself? All that the bad guys  can do is simply copy the webarchive file and deploy it in a tomcat installation of their choice! So how do I protect my web application in the aforementioned situations.

[2] The software resides in the intranet of the company. This is a corollary to the above question. How do I protect it from piracy in this case?

[3] I intend to allow users to download the application and use it for "x" number of days after which it gets disabled and asks the user to pay up. How do I ensure that the user does not reactivate the software - i.e. crack it.

I would appreciate any help / pointers to protecting hard work.

thanks
0
Comment
Question by:arjoshi77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
btan earned 333 total points
ID: 37761929
Actually all can be solved with applying data confidentiality to the data at rest, and in secure translation for licensing restriction. It ideally be transparent to where it is hosted or server hosting it. There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt .... So suggesting check out available solution offering below

 http://www.safenet-inc.com/software-monetization/java-software-protection/
 http://www.validy.com/en/solutions/piracy/
0
 

Author Comment

by:arjoshi77
ID: 37762303
There can means in designing security encryption into the application but it means revamp and whole architectural again as it involve key gmt

breadtan:

I am willing to understand the above mention of yours-"Understanding key management" ?
Can you direct me to good pointers/books/webpages that will allow me to implement what you said above?
I dont mind googling for the above, but I would rather trust an expert's (your) recommendation to knowledge resources.
Thanks


Thanks
0
 
LVL 63

Assisted Solution

by:btan
btan earned 333 total points
ID: 37762816
Going simple even though it isn't for java sw, I thought these links are good start to appreciate public key infrastructure. It need not be a full fledge infra but minimally the crypto key belonging to unique licensed user remain to be the legitimately one to run the software.
 http://www.codeproject.com/Articles/99499/Implementation-of-the-Licensing-System-for-a-Softw
 http://www.codeproject.com/Articles/203840/RSA-License-Protection
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 167 total points
ID: 37765079
if you just mean copy&paste by "piracy" then the only solution is to *not* publish (or hand out) what you not want to be copied
if you mean modification in any kind by "piracy" then signing the code is the solution
anything else needs to be done by proper contracts and trust, this also applies to your "pay for license" which means that there is no way to inhibit cracking your license model and then circumvent the license check
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question