Hello !

I'm looking to release my first software product shortly and was considering the best way to protect my code from piracy.

I've been reading up on how hacking is done and all current software based protections are vulnerable to debugging tools such as soft-ice.

The product would only ever be in use whilst on the internet so i've decided that I can make use of this. I will distribute 90% of the code as usual but split out some crucial part of the code which I would run on a separate server. This way the user would not have all the code, making debugging useless. The client side would connect to the server and server side authentification would then restrict who could access and run the remaining part of the code (an input from the client which after authentication would reply with results from the server database). I think this is safer as securing a server would be easier to control than releasing the entire code. The connection between the client and server could be encrypted, though this would probably be vulnerable to a 'MITM' (man in the middle attack).

What do you think of my ideas ?

Hi,

it would be good to know what kind of application is it going to be. If I understand well you want to execute a crucial part on the server side. If this is possible for your application then why you do not implement the whole application as an Internet application?

On the other hand if requests (from client) and answers (from server) will be always the same then the described protection is useless because one can easily simulate your server database soon.

the software is a 'bot to play poker. screen scraping is essential so i think that would have to be done by a client running on the users PC.

emulation of the database would be a worry, not sure of the best way around this...