如何防止盗版的java webstart应用程序 [英] How to prevent piracy for java webstart application

问题描述

我有这个java swing应用程序，我打算通过互联网销售。目前，我倾向于使用java webstart部署应用程序。该产品将被授权给用户一次只能在一台计算机上使用该程序。我担心这个模式的盗版。我想安装一些安全功能来强制许可证模型。目标是至少使许可用户难以将已安装的产品（包括许可证密钥）复制到未许可的用户。以下是我现在正在查看的选项：

1. 强制用户使用用户名/密码对母船进行身份验证时间该程序启动。




2. 在注册和付款后，只需在用户PC上安装许可证密钥（隐藏？）。在运行时，验证是否安装了有效的许可证密钥。




3. 使用/构建基于用户计算机的硬件指纹的安全软件包。每次应用程序启动时都会计算该指纹，并使用某种哈希与本地安装的许可证密钥进行比较。此许可证密钥将仅对该硬件指纹有效。

这里的一个问题是，一旦安装了这个应用程序，应用程序就不需要任何运行时联系母舰，除了使用java webstart检查应用程序更新。应用程序在本地执行的所有操作，并使用swing向用户显示结果。因此，涉及母船的任何解决方案基本上都意味着建立服务器基础设施，仅用于许可证验证。

我想我正在寻找的是基于java的至少有些安全，易于部署，并不是用户的痛苦。你使用了什么安全/许可方式？

编辑：我应该补充说，我不一定要找一个银弹，以防止绝对每个人都击败安全。总是有一个人有足够的时间在手上找到方法来完成。我不太在乎这些家伙。我基本上希望一个休闲用户很难简单地复制许可证密钥并发送给他的好友。

解决方案

我会说（2） ）是你最好的选择。你已经说过了（1），（3）会出现问题，如果用户说，买了一个新的主板。 （2）对于一个合理的电脑熟练的用户来说，并不会有太多的保护，但是也不应该造成太多的问题。

但是最终没有你可以做的是阻止一个确定的用户盗版您的软件。

事实上，最有效的反盗版软件开发策略是最简单的全部：

1. 有一个很棒的产品。


2. strong>为此收取公平的价格

- Jeff Atwood

I have this java swing application that I intend to sell over the internet. At the moment I'm leaning towards deploying the application using java webstart. The product will be licensed for the user to use the program on one computer at a time only. I am concerned about piracy with this model. I would like to install some security features to enforce the license model. The goal is to at least make it difficult for a licensed user to copy the installed product including license key to unlicensed users. Here are the options I am looking at now:

1. Force the user to authenticate to the mother ship with a username/password each time the program is launched.

2. Simply install a license key somewhere (hidden?) on the users PC after they have registered and paid. At runtime, verify that there is a valid license key installed.

3. Use/build a security package that is based on a hardware fingerprint of the users computer. This fingerprint would be computed each time the app is started and compared with the locally installed license key using some sort of hash. This license key would be would only be valid with this hardware fingerprint.

One of the issues here is that once this application is installed, there isn't any runtime need for the application to contact the mother ship, other than checking for application updates using java webstart. Everything the app does it does locally and displays the results to the user using swing. So any solution involving a mother ship would basically mean building a server infrastructure for the sole purpose of license verification.

I guess what I'm looking for is something java based that is at least somewhat secure, easy to deploy and is not a pain for the user. What security/licensing approach have you used?

EDIT: I should add that I am not necessarily looking for a silver bullet to prevent absolutely everyone from defeating security. There will always be someone with enough time on their hands to find ways to get it done. I'm not so concerned with these guys. I'm basically looking to make it difficult for a casual user to simply copy the license key and send to his buddies. Implemented correctly, the solution should convince the casual user that it is simpler to just buy it.

解决方案

I'd say (2) is your best bet. You've already talked yourself out of (1), and (3) would cause problems if the user, say, bought a new motherboard. (2) won't be much protection against a reasonably computer-savvy user, but it shouldn't cause too many problems either.

But in the end, nothing you can do will stop a determined user from pirating your software.

In fact, the most effective anti-piracy software development strategy is the simplest one of all:

1. Have a great freaking product.
2. Charge a fair price for it.

-- Jeff Atwood

这篇关于如何防止盗版的java webstart应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！