Anti-Piracy for Served Solution

[bcooney]

Anyone have any info on 3rd-party solutions for protecting a commercial fm solution that is served?

It seems all the info is for runtimes. We want to prevent a customer from giving the file to their friend to load on his fm server. Yes, we assume he'll give away any logins/passwords, so I'm hoping to find an encryption scheme for served files. I've used B. Dunning's Easy Encrypt for the runtime solution, but that involves checking the NIC number, and I'm not sure that'll work for a served file. I'm not a fan of USB dongles, btw.

[bcooney]

Back again with this question, folks. Now that FMS9 runs scripts, does anyone have any ideas for locking the file to one server?

[Vaughan]

Why not run a script that gets the solution to phone home every so often, telling you the name of the server or, even better, a string embedded into the file such as the customer name.

[bcooney]

Would rather not phone home. Any ideas? Get (HostIPAdress) perhaps? Store it on the first startup and then if it doesn't match subsequently, quit.

But what if they legitimately upgrade to a new server, argh!

My customer wants the least involvement on his part.

[FestiveEmbalmer]

I have absolutely no experience with this but since there doesn't seem to be a great deal of input I figure there is no reason why I shouldn't risk embarrassing myself

I imagine you could create a key, possibly using the IP address, that is stored in the application without the user accessing it. Then it would match that key every time the solution is opened and add a counter to another dev field when the IP (or directory or whatever key you chose) doesn't match. After an excessive number of counters are added it would simply cease to function. If your solution has email built in, you don't even need it to 'phone home' for validation. It could send you messages only when there are a specified number of counters in the dev field.

Then you simply schedule 'upgrades' accordingly, OR it could notify them of some mystery error - "Error lkjda42: Please contact your system administrator to prevent data loss". Even if your solution doesn't have email you could check that counter as part of regularly scheduled maintenance and reset the key if they have upgraded machines.

It's just theory and I can see it has holes, but maybe it would make it more difficult to pirate your solution.

[bcooney]

reset the key if they have upgraded machines

How exactly, if the "key" is the HostIP? I appreciate your response. Seems to be a topic no one wants to touch. So, thanks.

[FestiveEmbalmer]

oh no, Logic! my only weakness.

well, I also have a weakness for bullets but I can dodge those.

Edited November 15, 2007 by Guest

[Steven H. Blackwell]

All this may well rely on how any such keys are triggered from with FileMaker Pro. There are so many ways to bypass things like startup scripts that it can prove difficult to manage this functionality.

Maybe check the 24U Web Site and look at their encryption HASP to see if that gives you any ideas.

Steven

[FestiveEmbalmer]

Don't wish to hijack this topic but now you've given me a boogeyman to worry about-

How can my users bypass startup scripts?

forseeing a forbidden forboding,

matthew

[Steven H. Blackwell]

How can my users bypass startup scripts?

Easiest way is to run another script in the file.

In my FileMaker Security: The Book and in my FileMaker Security Video Tutorials I cover this is very great detail.

Steven