如何防止java webstart应用程序的盗版 [英] How to prevent piracy for java webstart application
问题描述
我有这个 java swing 应用程序,打算通过 Internet 出售.目前我倾向于使用 java webstart 部署应用程序.该产品将被许可给用户一次只能在一台计算机上使用该程序.我担心这个模型的盗版.我想安装一些安全功能来强制执行许可证模型.目标是至少使许可用户难以将包含许可密钥的已安装产品复制给未许可用户.以下是我现在正在考虑的选项:
I have this java swing application that I intend to sell over the internet. At the moment I'm leaning towards deploying the application using java webstart. The product will be licensed for the user to use the program on one computer at a time only. I am concerned about piracy with this model. I would like to install some security features to enforce the license model. The goal is to at least make it difficult for a licensed user to copy the installed product including license key to unlicensed users. Here are the options I am looking at now:
每次启动程序时,强制用户使用用户名/密码向母船进行身份验证.
Force the user to authenticate to the mother ship with a username/password each time the program is launched.
在用户注册并付款后,只需在用户 PC 上的某处(隐藏?)安装一个许可证密钥.在运行时,验证是否安装了有效的许可证密钥.
Simply install a license key somewhere (hidden?) on the users PC after they have registered and paid. At runtime, verify that there is a valid license key installed.
使用/构建基于用户计算机硬件指纹的安全包.每次启动应用程序时都会计算此指纹,并使用某种哈希与本地安装的许可证密钥进行比较.此许可证密钥将仅对此硬件指纹有效.
Use/build a security package that is based on a hardware fingerprint of the users computer. This fingerprint would be computed each time the app is started and compared with the locally installed license key using some sort of hash. This license key would be would only be valid with this hardware fingerprint.
这里的问题之一是,一旦安装了这个应用程序,除了使用 java webstart 检查应用程序更新之外,应用程序没有任何运行时需要联系母舰.应用程序在本地执行的所有操作都会使用swing 将结果显示给用户.因此,任何涉及母舰的解决方案基本上都意味着构建服务器基础设施,仅用于许可证验证.
One of the issues here is that once this application is installed, there isn't any runtime need for the application to contact the mother ship, other than checking for application updates using java webstart. Everything the app does it does locally and displays the results to the user using swing. So any solution involving a mother ship would basically mean building a server infrastructure for the sole purpose of license verification.
我想我正在寻找的是基于 Java 的东西,它至少在某种程度上是安全的、易于部署并且对用户来说不是痛苦的.您使用了什么安全/许可方法?
I guess what I'm looking for is something java based that is at least somewhat secure, easy to deploy and is not a pain for the user. What security/licensing approach have you used?
我应该补充一点,我不一定要寻找灵丹妙药来绝对防止每个人击败安全性.总会有人有足够的时间来找到完成它的方法.我不太关心这些人.我基本上希望让临时用户难以简单地复制许可证密钥并将其发送给他的好友.如果实施得当,该解决方案应该能让普通用户相信购买它更简单.
I should add that I am not necessarily looking for a silver bullet to prevent absolutely everyone from defeating security. There will always be someone with enough time on their hands to find ways to get it done. I'm not so concerned with these guys. I'm basically looking to make it difficult for a casual user to simply copy the license key and send to his buddies. Implemented correctly, the solution should convince the casual user that it is simpler to just buy it.
推荐答案
我想说 (2) 是您最好的选择.您已经说服自己不考虑 (1) 和 (3),如果用户购买了新主板,则会导致问题.(2) 不会对相当精通计算机的用户提供太多保护,但也不应该造成太多问题.
I'd say (2) is your best bet. You've already talked yourself out of (1), and (3) would cause problems if the user, say, bought a new motherboard. (2) won't be much protection against a reasonably computer-savvy user, but it shouldn't cause too many problems either.
但最终,您无能为力,无法阻止坚定的用户盗版您的软件.
But in the end, nothing you can do will stop a determined user from pirating your software.
事实上,最有效的反盗版软件开发策略是最简单的一种:
In fact, the most effective anti-piracy software development strategy is the simplest one of all:
- 有一个很棒的产品.
- 收取合理的价格.
-- 杰夫阿特伍德
这篇关于如何防止java webstart应用程序的盗版的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
