How to protect code?

Good day, there was an idea to create a product, with the purpose of selling in the financial organization, logic built on sql, frontend likely to be html5, js, css, so how can something create it, the question is what backend you need to write as to protect the project? Docker in my case can help ?
Protection from modification and copying and rasprostanenie.
July 2nd 19 at 16:39
4 answers
July 2nd 19 at 16:41
Does not to protect. Nobody uses the left soft when it comes to finances of the organization.
financial institutions there are lots of processes not related to financial management. And there is VERY different. - Arielle15 commented on July 2nd 19 at 16:44
In the question it is not specified, therefore, we conclude that this work is financial or corporate information. - Jaqueline.Parisian commented on July 2nd 19 at 16:47
: : using this ideas don't make money, the product will help in automating compliance in fin organizations. - jaden_OKee commented on July 2nd 19 at 16:50
: Automation reduces costs and involves working with corporate data. - Jaqueline.Parisian commented on July 2nd 19 at 16:53
: Yes, the data will be kept confidential, the idea needs to automate certain processes and to facilitate the completion of the audit of the Central Bank. - jaden_OKee commented on July 2nd 19 at 16:56
: intrigued. it assessment what requirements allows automatisiert purchased the product? I have not yet heard about the Western products that automate the audit requirements of our Central Bank. And, believe me, the Bank not the first year - Arielle15 commented on July 2nd 19 at 16:59
And what normal person would trust sensitive data to the program downloaded from the tracker? - Jaqueline.Parisian commented on July 2nd 19 at 17:02
: you are right, the guide fin of the organizations were concerned that the program was legal and this works for me - jaden_OKee commented on July 2nd 19 at 17:05
: I have read your threads in the toaster, you out there interested in requesting users, wanted to get the first connection of the day, part of my idea too touch on such points if the first instance described as uschapovsky Siem reap - jaden_OKee commented on July 2nd 19 at 17:08
:
> you are right, the guide fin of the organizations were concerned that the program was legal and this works for me
Therefore do not hammer the head protection. Focus on the product. - Jaqueline.Parisian commented on July 2nd 19 at 17:11
Use the left and soft and financial institutions.
You just never know life. - Letha_Streich commented on July 2nd 19 at 17:14
: Is their problem. - Jaqueline.Parisian commented on July 2nd 19 at 17:17
:
They have no difficulties.
;)
They have one saving.

We're talking about a question of the developer - and in this case they are.
And financial institutions do not pay for pirate use. - Letha_Streich commented on July 2nd 19 at 17:20
: Not a lot if risks with this savings? - Jaqueline.Parisian commented on July 2nd 19 at 17:23
:
Any of these risks?
;)
Developers often overestimate their own importance - syndrome God.
No one is indispensable. - Letha_Streich commented on July 2nd 19 at 17:26
: Do not lose anything, if someone is to do nothing and he uses pirated software. - Jaqueline.Parisian commented on July 2nd 19 at 17:29
July 2nd 19 at 16:43
In theory, Docker can help:
  1. Project source code is closed and not published anywhere, the same applies to the Dockerfile. You distribute only ready-made Docker images.
  2. When you build a Docker image encrypted files of the program, whether .nick jar', binary or naked php'shnye source.
  3. Decryption requires a license key which must preobrazyatsya into the container at startup via environment variables. It program files rasshifrovat and the program starts.


In practice, you get the same as piracy various software today:
  • One who has the key can put it in the public domain. This moment can be bypassed, if you think of any centralized verification key on their servers (see how to make JetBrains). Or under each key generates a unique separate Docker image. Again, anyone who has a key, and has accordingly, and he, too, can share.
  • He who possesses the key can easily pick open a container via docker exec. And if the program files themselves reflect well the source code (e.g. PHP scripts or binaries Go), here leaked already and the source code of Your product that is not comme Il faut. So code obfuscation and other techniques of protection of the results of the compilation should not be neglected.


In General, sticks in wheels to insert, you can "hoo-go", but a complete solution of the problem, IMHO, is no. Because piracy and thrives, because it is possible.
when using the Docker will not drop performance? what if I provide a product in the form of a virtual machine image with encrypted partition with a unique klyuem, if leaked to the net it is possible to identify the offender - Arielle15 commented on July 2nd 19 at 16:46
: with the virtual machine about the same as with the Docker-way, or any way in principle, though with zaparoleny archive =)
When using Docker and performance should not fall, since the image runs directly on the Linux kernel, just in an isolated world. If you run on Linux, it will be a layer in the form of implicit virtual machine (except for Win10, they're kind of native support for gash, almost).
Unique key - Yes, but first, the offender must still be calculated, and for this we need to develop additional mechanisms. Secondly, we still have significantly to understand the offender, is it not "I just run the second your computer". This is tying You to a whole class of problems that has to be considered that it is necessary to provide, decide, and complete solution, again, is not present, because human nature can be vile enough =/ - Jaqueline.Parisian commented on July 2nd 19 at 16:49
: what do you then advise? on asp.net to realize? - jaden_OKee commented on July 2nd 19 at 16:52
All I could advise - I described above. And this is not specific advice (for real-world experience in the development and promotion of such product I do not have), but only a reflection on the subject, and the direction in which you can dig further (obfuscation, protection of results of compilation, licensing keys, server verification/validation keys).
What to implement?
1) what can
2) what are suitable means to protect the results of the compilation - Jaqueline.Parisian commented on July 2nd 19 at 16:55
July 2nd 19 at 16:45
no, Docker is definitely not going to help. Rather, help copy. =)
as an employee of the financial organization can say that make a normal product, provide it support and development - and no one would steal it. The instruments that make money, easier to buy.
: Possibility of what? how to prevent to steal? - Arielle15 commented on July 2nd 19 at 16:48
I repeated the project (the logic in sql + bash) which bought our organization, it's written in java, the project is frankly crude and functionality are scarce, however, bought for 20K $, I'm afraid that if I create a project which you can view your code you can distribute it on the Internet and no one will buy it. Of course I understand that there are responsible organizations which comply with the license agreement, but there are employees who like to copy to distr - Jaqueline.Parisian commented on July 2nd 19 at 16:51
: disappoint You as the biggest problem, which is to think in the first place - this how to convince to buy from You for 20K rubles, not "there" for 20K dollars. Buy in 90% of cases - half woes\expenses. Deployment and maintenance - that's the challenge. I had once a project where the cost is not very cheap, accounted for only 20-25 percent of the project cost. even 50 percent - the introduction , the rest of the support. While You developer and vendor and implementer and soprovozhdenie - to persuade to buy something from You, You will be extremely difficult. Try to start with your own office - and implement there. free. - jaden_OKee commented on July 2nd 19 at 16:54
: implementation is not a problem, and support also, and be able to sell really challenge your stop and contract and license agreement? - Jaqueline.Parisian commented on July 2nd 19 at 16:57
As a former employee of the financial organization, which has its entire business based on one single pilfer someone else's payment system - you know, you are not right.
Support thieves provide their own (1 admin). It was cheaper and faster than paying the rights holders. - jaden_OKee commented on July 2nd 19 at 17:00
: well, through the efforts of the Central Bank such "financial institutions" is getting smaller. If not a secret - Your still alive? - Arielle15 commented on July 2nd 19 at 17:03
:
They don't go under CB.
Anyone can connect to other payment system (more than one) and also become a payment system.
Think alive. - Jaqueline.Parisian commented on July 2nd 19 at 17:06
: let the question in the first utterance and the second. The banking sector and was formerly well-regulated, and after the law about NPS it became generally cheerful. Ie if Your former employers carry cash boxes - still okay(and kind of weird, Finmonitoring loves to pay attention to the circulation of cash). But if they try to chase the money electronically and thus not "under the CBA" excuse me, but "no way!". - jaden_OKee commented on July 2nd 19 at 17:09
: for dealers payment systems (which in turn are also payment systems) do not need a license of the Central Bank.
they are like "just accept payments from the population." - jaden_OKee commented on July 2nd 19 at 17:12
July 2nd 19 at 16:47
I think if you have a product that can be on the "knee" in quick to collect, make sense to buy it no. If harder, it is easier to buy and pay for support than have her poking around/to finish/remake.
Or the entire information store, the grant only API or something.
Now there is a project functionality is sparse and written on zhava(bought for 20K $from an American company), but I created a copy of the draft scripts and functions better than a paid product, do not grasp the functionality to store is not an option as there will be confidential information - Arielle15 commented on July 2nd 19 at 16:50
: and how do you test sql? - Jaqueline.Parisian commented on July 2nd 19 at 16:53
: nothing yet, a small load about a million records a day, tell me how to test it. - jaden_OKee commented on July 2nd 19 at 16:56
:
I do not know.
Because he never wrote business logic that cannot be tested - Jaqueline.Parisian commented on July 2nd 19 at 16:59

Find more questions by tags DockerWeb Development