[nycphp-talk] PHP License Management
John Lacey
jlacey at att.net
Thu May 20 13:10:15 EDT 2004
Dan Cech wrote:
> Hi all,
>
> I've been asked to come up with a licensing solutions for a
> closed-source php application, and wondered if anyone had any advice.
>
> The application will be licensed either in perpetuity or on a
> subscription basis, and each license will be tied to a particular server
> to make unauthorised distribution more difficult.
>
> The idea I came up with was to create a server app where the user could
> log in and view/purchase/extend licenses and manage the IP address(es)
> each license is tied to.
I'd look for a way other than IP addys since they're a moving
target, especially if the customer is running a NATed network.
>
> The 'license' itself would be an encrypted token containing the client
> id, expiry date, ip address(es) etc signed with a private key.
>
> The actual software would then be encoded to protect the source from
> (casual) prying eyes (I was thinking of using the Turck MMCache encoder
> for this) and include code to check the license validity and take
> appropriate action.
>
> The most obvious (to me) attack on the system is to reverse-engineer the
> code and remove the license check, which could be mitigated somewhat be
> encoding the entire app and 'hiding' the check within the code.
>
> It seems to me like a viable solution, but I'm no security expert and
> would appreciate any and all comments or pointers to existing solutions.
>
> Dan
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
More information about the talk
mailing list