Encrypt my framework and code

hi, i am creating my own CMS frame work, because many of the clients i have, the have same requirements, like news module, newsletter module, etc.

now i am doing it fine, the only thing that is bothering me, is if a client wants to move from my server he would ask me to gibe him his files, and of course if i do so the new person who will take it he will see all my code, use it and benefit from i, and this is so bad for me that i spend all this time on creating my system and any one can easily see the code, plus he will see all the logic for my system, and he can easily know how other clients of mine sites are working, and that is a threat to me, finally i am using third party controls that i have paid for their license, and i don't want him to take it on a golden plate.

now what is the best way to solve this ? i thought it is encrypting, but how can i do that and how efficient is it ?

-should i merge all my CS files and Dlls in bin folder to one Dll and encrypt it, and how can i do that ?

i totally appreciate all the help on this matter as it is really crucial for me.

You'll need to precompile your site and obfuscate dlls. Visual Studio has something like Dotfuscator Community Edition shipped with it. You could give it a try.

Of course, HTML output, CSS declarations, database structure and stored procedures code cannot be encrypted.

You can however try to compress CSS which will also reduce its readbility by humans.

Check here: The best approach to scramble CSS definitions to a human-unreadable state throughout an ASP.NET application

One other idea would be to use a frame in your HTML and put the most of the site pages inside of it. This way, it will not be visible when doing "View source".

Or just state it clearly that you offer whatever you're doing as a service and do not provide source codes of your work. I somehow doubt salesforce would be willing to give their sources to anyone who asks.

You can still view the source of a page in a frame (right click on the page).

Jon B 2009-04-15 15:47:32

In our web application the content of the frame is not shown in "View source".

User 2009-04-15 15:50:00

@mastermind, you got a public website? I really want to see it by myself

Fredou 2009-04-15 15:59:24

man, i dont care much about css or aspx html code it is the Cs code that worries me, because i spend time on creating my tools.now how can i merge all dlls into one dll ? would not that be better to obfuscate one dll ?

2009-04-15 16:08:53

@devmania, you will never make 100% secure dll, if you look at my second link, everything is going to be converted into machine code when executed and no matter what, your code will be readable.

Fredou 2009-04-15 16:15:34

man, i don't see 2 links, i only see link to css scrambling, it is true it will not be 100 % but he will not hire a hacker, it is just that i want it so hard for new developer to see my code, unless he is a pro hacker or wants to invest to much into ding so

2009-04-15 16:32:30

@devmania, I'm talking about my reply, not Mastermind reply

Fredou 2009-04-15 17:07:44

@Fredou, it's a SaaS solution which is protected by a customer login. I'm afraid it's not that public. Sorry. You'll just have to believe me when I say that the source is almost empty in various browsers. Makes it really hard to debug when you don't know what HTML got generated.

User 2009-04-15 18:09:22

But I can admit it is likely that it is somehow dynamically loaded so I may be mistaken about frames. UI fraamework was built before I came there.

User 2009-04-15 18:10:29

oh fredou, sorry , yeah i read it, great highlights

2009-04-15 18:36:20

@Mastermind, I'm a little skeptical because if there is no source, how the browser can display the content?

Fredou 2009-04-15 18:50:51

I'm curious myself... maybe I should have a look at the code. Better, I'll ask tomorrow the senior guy how it was done.

User 2009-04-15 19:57:54

man, i agree 100 % but when it is a simple operation like after merging all Dlls into one dll , then obfuscate it, and give it to the client, his system will work but the new developer wont be able to change or add features, and this will let him come back to me, i think it is my right to get paid

2009-04-15 20:25:07

Sure, but if your product is really good, are they really going to hire a different developer to implement some new features in a half-assed way? No, they aren't, because developer time is expensive (especially if you hire them outright). It's just not worth it.

Anderson Imes 2009-04-15 23:53:33

ansaurus

tags:

views:

answers:

Encrypt my framework and code

related questions