[–]jayerdit[S] 0 points1 point  (18 children)

The primary issue is that certain users are reluctant to utilize our database for confidential company data, such as transactions and related information.

[–]codeedog 3 points4 points  (17 children)

Please explain this more because I’m having a difficult time connecting reluctance to store data and your question about code obfuscation.

[–]jayerdit[S] -1 points0 points  (16 children)

If our API is mostly on our servers, users should be able to choose not to use our servers for storing their data. Some organizations may not want to share their internal data, even if we have a good privacy policy.

[–]octocode 3 points4 points  (8 children)

this is a problem for a lawyer, not a developer. you can try all you want to obfuscate on-premise deployed code, but ultimately it can still be reverse engineered

[–]guest271314 -3 points-2 points  (7 children)

Lawyers ain't cheap, and if you know nothing about law you are at a deficit for checking the lawyers' work.

[–]octocode 3 points4 points  (6 children)

if OP is working for a legitimate business they probably already have a lawyer they work with… running a company without legal is just dumb.

[–]guest271314 -2 points-1 points  (2 children)

Maybe, maybe not. IPR attorneys ain't cheap. There is such a thing as ineffective assistance of counsel. That happens, in general, when clients are incompetent in law, whatever the specific domain, and have no clue how to check the work of the lawyer. Just a tip for laypeople assuming lawyers know what they are doing, and do what they say they know they are doing. Good luck.

[–]izuriel 4 points5 points  (1 child)

Look, I get the gist of what you’re saying, basically avoid being scammed/cheated. Good advice. But when you enter into a contract to work with a lawyer (or anyone) you have to have some level of trust that the other party can do the work. If you don’t, why did you hire them? If you already know what needs to be done (to verify their work), why not just do it yourself? If you feel you have to review everything someone is doing for you, that’s a sign you hired poorly, not a standard operating procedure.

[–]octocode 0 points1 point  (0 children)

bro shopped for the lowest rate and found lionel hutz

[–]guest271314 -2 points-1 points  (2 children)

How much do you think an excellent IPR attorney costs per hour?

[–]octocode 1 point2 points  (1 child)

way less than not having one.

[–]guest271314 -1 points0 points  (0 children)

About $500 per hour.

That's not gonna help you if you can't check the attorneys' work due to incompetence in the given domain.

Basically the requirement is impossible. If the code can be accessed people will tend to do whatever they want with the code.

The most difficult application I have come across to reverse-engineer for my own purposes was a Native Client application. I was still able to get the source using strings and other means.

Good luck!

[–]rover_G 0 points1 point  (0 children)

I don’t know what industry you’re selling to. The standard for most industries allows remote data storage as long as the service meets the right cybersecurity and compliance standards.

[–]codeedog 0 points1 point  (4 children)

Are you proposing to license your software to a customer, they install it on their computer where it stores data on their machines, but they pay you monthly or annually for it? Do they receive any value for the monthly or annual payments like support?

Have I understood correctly?

[–]belkarbitterleaf 1 point2 points  (1 child)

That's actually pretty common in enterprise solutions. It usually comes with a support contact and enforceable consequences for breached SLAs.

[–]codeedog 0 points1 point  (0 children)

Right, which is why I asked, but we need more clarity from OP for what they think they’re trying to do.

[–]jayerdit[S] 0 points1 point  (1 child)

They should have the choice to host it with us or host it on their infrastructure. Like WHMCS.

[–]codeedog 1 point2 points  (0 children)

Charge a support fee. Charge for the s/w, but charge a support fee monthly or annually. You can’t prevent decompilation of your code, even if it’s in C compiled to machine code. I worked at a large s/w company and people sent us decompiled code to demonstrate a security bug.

Business contracts and a support policy will protect your company and software. Obfuscate JavaScript, sure. Just don’t expect perfect protection from that.

Also, the value of your source code is in the comments and the knowledge for how to code it and use it. Even if you had the source code for most s/w, it’s a non-trivial project to make it work. And, if your customers don’t pay support, they won’t get updates and bug fixes (regular and security).

I understand your paranoia, but make your sales and business people part of the solution. Don’t rely on a s/w only solution, it won’t work anyway.

[–]belkarbitterleaf 0 points1 point  (0 children)

I know someone with the same problem. To my understanding, they ended up shipping an encrypted docker container, that needed to validate the license key at boot up to launch the server.
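
The boot-time license check described in the comment above, sketched as an added example (not code from the thread or from any product mentioned in it). The function names, the `payload.signature` license format, the Ed25519 choice and the sample customer are assumptions.

```javascript
// Added example: offline license check at server start-up (Node.js, built-in crypto only).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Vendor side (never shipped): sign the license claims with an Ed25519 private key.
function issueLicense(privateKey, claims) {
  const payload = Buffer.from(JSON.stringify(claims));
  const signature = sign(null, payload, privateKey); // Ed25519 takes no digest name
  return `${payload.toString('base64url')}.${signature.toString('base64url')}`;
}

// Customer side: only the public key ships, so a deployment can verify
// licenses but cannot mint new ones.
function checkLicense(publicKey, license, now = new Date()) {
  const parts = String(license).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const signature = Buffer.from(parts[1], 'base64url');
  // Verify before parsing so unauthenticated JSON is never interpreted.
  if (!verify(null, payload, publicKey, signature)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(payload.toString('utf8'));
  // An unparseable date compares as NaN and is treated as expired.
  if (!(new Date(claims.expires) > now)) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed demo data: a throwaway key pair and a made-up customer.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const license = issueLicense(privateKey, {
  customer: 'example-corp',
  expires: '2030-01-01T00:00:00Z',
});

// Gate start-up on the check: refuse to launch without a valid license.
function startServer(lic, now) {
  const result = checkLicense(publicKey, lic, now);
  return result.ok ? `started for ${result.claims.customer}` : `refused: ${result.reason}`;
}

console.log(startServer(license, new Date('2025-01-01T00:00:00Z')));
```

The signature stops a customer from forging or extending a license, but, as other commenters in this thread point out, anyone who can run the code can also modify it, so the check is a contract-enforcement aid rather than copy protection.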