Search code examples
javajavafxdesktop-application

Secure of copying working application from one pc to other

I'm created JavaFx application.Now I would like to secure it from copy to others computer.More detailed I sell to one customer my application and after installation of this application I need to secure it copy it from one computer to others.How I can prevent copy it from others computer.Application is in jar format

Solution

  • In theory, you can't.

    However: You can do a couple of things to reduce the chance. I will mention them starting from the most secure.

    Which is: Remote licensing (a.k.a keep licenses in a server). Your application can generate a unique kind of id and whenever it starts, it checks if this id is in the database of the remote server. (Good option here is RESTful services as a backend. Then an HTTP request will be enough.) If this id does not exist in remote, your program terminates.

    What if client does not have internet connection, should it be terminated?

    There is an option to handle this, but still, can be "bypassed". Whenever it starts (with internet connection) it stores the "positive" answer locally (a file, a registry or something). Then whenever the client is not connected to internet (the remote check fails), your program starts to searching for the "positive" answer locally. If it finds it, it starts.

    What if client reverse engineer the application, finds where it stores the "positive" answer, creates it manually and then adds a rule to his firewall in order to prevent your application speak with the remote?

    You tell me. Best i can think of, is to check firewall rules if the remote check failed.

    Second option: Create a second .jar that generates a kind of "positive" answer (as mentioned above). Run this .jar to your client. Then delete it from his PC. Then your application looks for this "positive" answer. If it exists, application runs. Otherwise, it terminates. If he copies the application in another pc, it does not run because you did not run the second jar there.

    What if he reverse engineer your app and finds where and how you store this "positive" answer?

    He will be able to copy your application and you will never know about.