Hello.

I want to sell my Java application using PayPal. When a payment is received, the customer is mailed a one-time download link to my application.

My question is, how do I prevent people from sending the .jar file to their friends/uploading it on the internet?

Obviously I need some kind of check in the application which only allows it to run on one computer. And that's another problem, I don't want a customer to have limitations on one computer, they should be able to run it at home and work etc.

Maybe some kind of cd-key would do the trick? Are there any cd-key resources for Java out there? Or should I build my own algorithm? Here comes yet another problem, reverse engineering...

Please help me solve this :)

+1  A: 

You must implement licensing capabilities.

Here is one interesting resource as a starter: http://members.chello.at/stefan-schneider/JavaLicenseKit.html

Pierre 303
+6  A: 

The most common way to handle this is: customer gives you money, you generate a unique unlock key and provide that to the customer. The key should be a valid unlock key, and it should encode identification information about the user. Customer uses that key to install on as many of their computers as they like, or is allowed by the license.

Don't worry about reverse-engineering. Your product, if it's at all popular, will be pirated - you'll find unlock keys online if you look hard enough. If you like, you can take that as a compliment - someone liked your software enough to steal it. Cold comfort, I know, but the alternative is to get in an arms race with the pirates, and you won't win that. In the end, a few percent of the population will steal software, and you can't do much about that. You can use the key's identification information, if your scheme is strong enough, to trace who released the key in the first place.

Michael Petrotta
I'm going to need an online lookup service for the keys right?
cragiz
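
The unlock-key scheme described in the answer above, as an added example that is not part of the original thread or any poster's code: the key carries the customer's identity plus an ECDSA signature, so the application can check it offline against an embedded public key, and a leaked key names the customer it was issued to. The class and method names, the key format and the sample customer id are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: LicenseKeyDemo, issue(), verify() and the "payload.signature" format are assumptions.
public class LicenseKeyDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Vendor side (e.g. the payment handler): sign the customer's identity with the private key.
    static String issue(String customerId, PrivateKey vendorKey) throws GeneralSecurityException {
        byte[] payload = customerId.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(vendorKey);
        s.update(payload);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(s.sign());
    }

    // Application side: returns the customer id the key was issued to, or null if the key is invalid.
    static String verify(String licenseKey, PublicKey vendorPublicKey) {
        try {
            String[] parts = licenseKey.split("\\.");
            if (parts.length != 2) return null;
            byte[] payload = DEC.decode(parts[0]);
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(vendorPublicKey);
            s.update(payload);
            return s.verify(DEC.decode(parts[1])) ? new String(payload, StandardCharsets.UTF_8) : null;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // malformed Base64 or malformed signature encoding
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; a real vendor generates the key pair once and ships only the public key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair vendor = gen.generateKeyPair();

        String key = issue("alice@example.com|order-1001", vendor.getPrivate());
        System.out.println("issued key -> " + verify(key, vendor.getPublic()));

        // Swapping in a different identity while reusing the old signature must fail verification.
        String edited = ENC.encodeToString("bob@example.com|order-1001".getBytes(StandardCharsets.UTF_8))
                + key.substring(key.indexOf('.'));
        System.out.println("edited key -> " + verify(edited, vendor.getPublic()));
    }
}
```

Because only the public key ships in the .jar, valid keys cannot be generated from the application itself; the check can still be patched out of the bytecode, which is the limit the answers on this page describe.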
+1  A: 
Mondain
It's easier to crack a version with a trial period. You already have the full version, all you need is to fake the time.
Colin Hebert
That goes back to several of my points - keeping honest people honest, obfuscation, and accepting that you will not defeat piracy.
Mondain
@Mondain - not entirely true. In some cases, badly implemented DRM will prevent honest people from doing things that they are entitled to do (by law), and cause them to break your DRM. (Or throw your software out of the nearest window, and never do business with you again!)
Stephen C
Very true Stephen, good point
Mondain
A: 

In my opinion, if you don't know exactly how you will protect your source code efficiently, then don't start trying to hash something together yourself based on hardware. It will be too easy to break, and most likely just annoy your customers.

I would suggest you have a look at how Atlassian does this. They happen to sell Java software, and apparently do quite well. http://www.atlassian.com/ Try downloading e.g. JIRA and play with an installation. This will give you a good idea of how their licensing scheme works, and what users can reasonably expect from professional software.

Thorbjørn Ravn Andersen
A: 

Protecting your IP and protecting your licenses from abuse are two independent issues. Obfuscation and encryption are solutions for the first, and there are a number of tools out there.

For protecting your licenses, why re-invent the wheel when the problem has already been solved for you? Commercial tools such as the EasyLicenser license manager are multi-platform Java and protect against such attacks as copying to other machines, rolling back the system clock to cheat on trial licenses, attempting to spoof the license-checking code etc.

Dominic