Search code examples
javascriptcanvasjs

How can a javascript library such as canvasjs manage their trial period


Disclamer : I don't want to crack canvasJS or avoid paying for it. I'm just curious for the method used for licence management

CanvasJS came with a 30 days trial licence, but how is this time managed?

Since file is downloaded directly from client to canvas server (without any information of my application server), how do they manage to know that my application server is using canvasJS for more that 30 days?

Also, if a site A is using a paid version of canvasJS, how do they manage to avoid people using the javascript on any other website?


Solution

  • After downloading CanvasJS and take a (fast) look at the code, I see no evident way in which it can be controlling neither trial period neither unauthorized use (abuse).

    Of course, there are some approaches to control the trial period, at least. For example, embedding into the program logic some function which polls periodically a centralized server. If the server records the polling sequence, it can compute how many time has passed since the first call from each client, and so, it can notice when the trial period is over.

    A more advanced standalone technique (which would not need any external server) would be to generate a serial number embedded in the code, in function of the download date. Then, some core function should validate the current time against the download date, and produce an error when the trial period has expired.

    But, it does not matter how advanced a technique we apply in javascript: The weakness of all these possible techniques is that all the copyright-guarding functionalities must be coded in javascript, which at the end is executed in the client browser: Thus, at the hacker's disposal to "decompile", modify, and steal that code. So, all these techniques must necessarily rely on a strong source code obfuscation to hinder the hackers on understanding the code and finding the core functionalities. But just obfuscation, at the end, ensures no security at all.