Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 02-25-2011, 05:48 PM
juniorAtThis juniorAtThis is offline
Junior Member
 
Join Date: Feb 2011
Posts: 1
Default Question on how to make my product more secure

Hi everyone, this is my first post. I have certainly found some really interesting stuff here and really scary to a commercial software developer like me.
I am not looking to crack / hack software, but rather hoping that someone can help me protect my application.

I have built an application which will be sold on a subscription server, by the month. It is downloadable and will need to stop working if a customer stops paying. Already I hear alarm bells going off!

In terms of protection of the code, I was planning to use SmartAssembly or DNGurard.

The application is a reporting tool, so it needs to query a database. It itself has a temporary database, which is in a unique (non-documented and closed) commercial format. A commercially available application will be able to open that database, if you know the username and password.
The database contains all our IP and logic, so if someone gets hold of it and is able to open it, then they can use it. They can't see the code, unless they know another password.

I was thinking that during the installation the username and password is set on the database making it unique to the site. The installation file doesn't contain a database, it is downloaded over HTTPS during installation. It also updates the source database with a key.

Even if the uname/pass is cracked and shared with another user, when the database goes to be updated, it will see that that key in the source database doesn't match the key in the target database. The database won't update.

The next hurdle is the monthly subscription. I was initially thinking about a DLL based system that would query a license server. However, now I am thinking about a server based service which frequently communicates with our license server.
Anyone know of a good commercially available solution?

Thanks!
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.