How can a Java project be protected from simple copying?

P

proger67892021-02-07 21:29:26

Java

proger6789, 2021-02-07 21:29:26

Good day!

During the development process, I encountered the problem of protecting data from copying.
There is a Restful server application written in Java (jar file) with a database (running on the same server).
The essence of the problem is that the buyer has a desire to deploy this system on his server or have full access to the server on which this system is deployed (it can be understood, because his information is stored there and it is somewhat more reliable when this system will work inside the local networks on the local server).
However, having full access to the server, nothing will prevent him from copying the jars and selling them to someone.

Before that, I have never encountered a situation where I myself am trying to sell my results of work and somehow protect them from free distribution.
Tell me, please, what are the methods of protecting such software?
There was an idea to rent a vps and add a mandatory periodic connection to this vps to the server software in order to confirm the possibility of legal use of this copy of the software and if there is no access to the server for some time, then block the software.

And is it possible to compile the jar file somehow so that it cannot be decompiled?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

F

Finies, 2021-02-07
@proger6789

It is usually understood that if you do custom development, and the customer pays for it, then you transfer exclusive rights to the resulting program code to him, respectively, he has the right to copy and transfer it to anyone and in any way. In this vein, it’s actually worth acting, then you won’t have to defend.
But if there is still a need to protect, then I can add 1 more option to your piggy bank:
- generate the hardware ID of the machine (I’m not sure if it’s possible directly from Java, but there are certainly options, for example, in C ++ with the ability to throw them into Java)
and then the options are:
1) You can simply check the machine ID each time and run if it is the same, otherwise block the launch
2) You can offer the user to give you the machine ID, so that you tell him the activation key (the key can be obtained by any transformation of the machine ID).
But remember that in any case there is no absolute protection, by and large the only question is time and the desire to crack this protection.

A

Alexey Cheremisin, 2021-02-07
@leahch

The question is usually in the legal plane, I don’t think that someone in their right mind will pass off someone else’s product as their own and sell it. After all, there is always a license or a sales contract, or something like that...
In the technical sense: obfuscate the code and add an activation key.
It makes no sense to defend strongly.
For, you can always show the source code in the dispute. Support is always needed, and without a developer it is very difficult to do it.

D

d-stream, 2021-02-08
@d-stream

Minimum - register rights

P

proger6789, 2021-02-08
@proger6789

Thank you all for your valuable advice and suggestions!
I am not yet ready to deal with legal issues, so I will try to implement it technically.
Carried away by thoughts about how to protect, I didn’t even think that, in principle, stealing is one thing, but without technical support it can be quite inconvenient to continue using all this if something suddenly goes wrong.
I decided to take a closer look in the direction of binding to the machine ID (or interface) in combination with a periodic encrypted exchange with the verification server.
They also suggested that it is possible to make unique assemblies for each consumer with unique signature identifiers.