Anyone have an idea how I might protect a web application so that it will only run for 30 days before requiring a commercial license?
[ July 28, 2004: Message edited by: joseph corner ]
Since the users are remote, you would need to have some sort of license server running. The users with a trial version would contact your site and you would keep track of whether the 30 days has expired.
The trick is how to handle when the user buys the commercial version. If they have to contact your license server, you become a dependency. If not, you have to figure out what to distribute. For example, you could tell them to modify a text file with a license key. One company we buy software from, gives us a license key based on our hard drive. That way users can't pass the key around.
Originally posted by joseph corner:
That sounds fine.
What I'm not sure about is finding a way to include the call to the license server in the web application in a way which isn't possible to bypass.
Is the idea to put in inside a class which is essential to the app. then obfuscate the class file?
There is no way to make it impossible to bypass, it doesn't matter if the code is provided as java source or as compiled assembly code. If the user is intent on breaking it he will. The only sure thing is to require a particular piece of hardware. All software solutions just slow the thieves down.
Basing the key on a hard drive is not a good idea if you don't want to have your users inconvenienced and calling you when their hard drive crashes or they upgrade their server. If you provide 24 by 7 support this is not a problem. IBM does this for mainframe software, it requires a particular CPU serial number. But they also provide round the clock service and you can't upgrade the hardware without their assistance. Their software charges also vary with the size and number of processors.
You could make your software call home if it detects that it has been tampered with, then take the offenders to court.