Runtime Secutiry

[Mif]

I am about to release a run-time version to a client and wondered just how secure it might be. I did some research and found out that there is a piece of software that claims to remove all password protection from Filemaker. I was freaked out until I noticed that "databases protected with filemaker developer are not supported". That eliminated my concern but may be a blessing to you. Check out this link and four $45 you may have your database back!

http://www.lostpassword.com/filemaker.htm

[Steven H. Blackwell]

Actually not. And a database that has had this toll run on it may be damaged. So proceed with caution.

Steven

[Rich S]

I can tell you which runtime theft prevention program _not_ to buy: ExeShield. Its documentation is terrible (as a professional technical writer I can say this with authority) and its author seems to enjoy replying in terse phrases which usually don't address the question(s) you may have posed.

It astonishes me how he makes it as frustrating and difficult an experience as possible to use the program. It just goes to show that you may have a top-notch product but if people scratch their heads trying to figure it out then you're only halfway done with developing it.

[The Big Bear]

WF7A

Thanks for the information but is there one you would recommend.

Lionel

[Rich S]

I wish I could, Lionel--I'm sure the seasoned developers on here could make a recommendation or two...as well as for protecting non-runtime FM solutions as well. (I'm having a rough time finding good software for the latter.)

This morning I played with Aladdin's HASP software protection software and am _very_ impressed with it: it has both software and hardware-keyed protection. (It works with .exe files so it would work great for FM runtimes but not for "regular" FM files.) I'd buy it in a heartbeat but it's not cheap: for the software-keyed Developer version--that can create up to 500 licenses--it's $6,500, plus an annual subscription of $1,500. Ouch! I'm slated to have a chat with their regional sales rep next Monday so hopefully we can work out some kind of arrangement that will work for both of us.

Stay tuned!

--Rich

[The Big Bear]

Rich

Thanks for the information.

But the hasp lock is a lot more than I want to pay at this moment.

Lionel

[Rich S]

More than I want to pay too, Lionel!

I just downloaded a native FileMaker app that looks promising: FMLock and DynaMO, both made by the great people at http://www.fmwebschool.com. What the programs do, in tandem, is collect the end user's hard drive serial number then encodes it into the FM solution you're selling (runtime or not); that number is then "hard-coded" into the solution. So, if the hard drive serial number is different from the original installation (i.e., you give an unpaid copy of the program to a buddy), the runtime or FM file won't run. Simple, yet effective.

The only downside with using that type of software locking is if an end user replaces his or her computer (or the hard drive itself), the protected run-time and application won't run. So, you have to second-guess whether a client has truly replaced their machine (or hard drive) or they're trying to cheat you out of an unpaid copy of your solution for free. :S

For $50 for both DynaMO and FMLock, you certainly can't beat the price!

[Steven H. Blackwell]

that number is then "hard-coded" into the solution

Which likely means it can be "Un-coded" as well. To be fair, I have not looked at thisprogram. But generally speaking there can be issues with "keys" or "codes" held in regular data fieldswith FIleMaker Pro files.

Steven

[The Big Bear]

Rich

I seen those as well and I do not like that concept.

All I am looking for is when a potenial customer downloads my software for the web, they would have thrity days to try it and then buy it or the demo would not work after the alotted time. I was looking a exeshield really hard for this.

Lionel

[Rich S]

Sorry for the delay in responding, Lionel--I have two full-time jobs to make ends meet so it's tough to find free time for "little stuff."

Well, we decided not to use FMLock for a few reasons, so we're still using ExeShield to protect our demo product. Between having it encoded with ExeShield _and_ building into the runtime solution two, separate "drop dead" scripts, at least we'll make it difficult for the casual hacker to break the program; not much can stop a well-armed hacker, unfortunately.

If you do decide to use ExeShield, just be prepared for little-to-none helpful support. That, and be aware that if you have only one computer at home and use ExeShield on it, its countdown function will continue on your machine unless you "virginize" it by creating a new runtime with ExeShield to overwrite the old runtime with its new code. It's bitten us a few times when we didn't have the "overwrite file" at hand and was wondering what was going on with encoding the runtimes: was ExeShield having a problem with the runtime or our computer?

If you'd like to chat with me at length about ExeShield, I can send you a "private topic" of my contact info.

Ciao,

Rich

[The Big Bear]

Rich

Thanks for the information on ExeShield. Sorry to hear that the support is so poor because the program looks really promising.

Yes, I would like to talk to you more about ExeShield.

Thanks

Lionel