-1

I've developed web software that I would like to start leasing to companies. It is a javascript program that works as module that only needs linked from their site to utilize.

What are the methods available to secure that the scripts only work for selected clients, paying customers?

I was thinking I could provide them with a code that would need to be verified in my database before printing out the javascript to their page, but after the first fetch they would gain access to the javascript which they could copy and thus never have the need to pay again..

bushdiver
  • 751
  • 3
  • 12
  • 21

1 Answers1

2

Moving your business logic code to the server is the only reliable way.

Of course you could obfuscate your code and have it only work by fetching a token from your server, but that'll get cracked eventually and obfuscated code has a real performance cost.

lleaff
  • 4,249
  • 17
  • 23
  • What about offline JS apps? – Dmitri Pavlutin Jan 01 '16 at 19:06
  • @DmitriPavlutin Check http://enclosejs.com/ – lleaff Jan 01 '16 at 19:07
  • Thanks, looks interesting. – Dmitri Pavlutin Jan 01 '16 at 19:09
  • @lleaff ah so you mean in some of the main functions add a condition to check a pre-configured token that is fetched from the database and checked against user credentials?.. hmm that sounds promising, but yes it could still be cracked because the token would still reside in the javascript condition.. – bushdiver Jan 01 '16 at 19:12
  • @lleaff maybe I could then make it harder to crack by combining the token + username into a sha1 that has to be checked.. btw, I'm not sure what you mean moving the logic code to the server, it's all javascript code – bushdiver Jan 01 '16 at 19:15
  • 1
    @bushdiver If you have some super-secret algorithm that you use to solve a problem, have that algorithm run on a server and have the client-side JavaScript simply handling input/output. – spac3nerd Jan 01 '16 at 19:21