Protecting A Runtime Solution

[Blaze]

I recently purchased the program Exeshield in order to protect my runtime solution. It encrypts and protects the .exe portion of a solution. I'm saddened to find a large gap in this approach - Only the application file is protected - since creating a runtime creates two unique files, the secondary solution file is left wide open - All I had to do to workaround the protection was to map the extension to Filemaker and double click the 'library' file and it opened in Filemaker with no trouble at all. Any helpful hints here as to go about protecting my solution (p.s. I'm using wise installer also to deliver and install the file - also my profile here says Dev 7 but I'm on 8 pro adv)

[Vaughan]

FMP 7 and 8 feature greatly enhanced security over earlier versions. Set up passwords and privilege sets to offer the user the access you desire.

Aditionally the FM 7 Developer tool (or FMP 8 Advanced) can permanently prevent access to and modification of the database structure.

Between the two I don't see any need for third party products

[Blaze]

Of course I have taken those steps already. What I am trying to prevent is the program being illegally distributed where the recipient is able to easily run/use the program. Passwords etc can also be easily distributed or posted on the internet Serialz sites etc.

Also - What the third party program Exeshield does that would have made it desireable is being able to deliver Demo/Trial versions that expire or time out after a certain period of time or a certain number of uses etc. through the use of license keys. So in addition to FMPs passwords etc this adds another barrier for hackers to encounter.

Anyone have other thoughts on how to protect this secondary non-app file?

[SteveB]

Here's the approach I've taken:

Each file in the solution runs a startup script that causes the startup script in the main file to run. This way, unless someone can hack into the files the main is always started. One of the first things the main startup does it check whether the Install Date has a value, which a fresh install won't. It also checks to make sure all the plugins are available. I capture it and test every time the main starts to find out whether the trial has expired. In my case, the user would ruin his own data by setting the system clock back, so it isn't a concern.

I also use a free encrytion plugin using RC4 (available from David Mckee's site called protolight.com). I encrypt the disk serial # and other things on 1st time run after installation and then test it every time the system starts.

While I looked at ExeShield copy protection, I haven't decided whether its necessary.

Steve