I want to protect my Java product by using some USB-based authentication and password management solution like the one you can buy here: aladdin. This means that you have to connect a USB stick with special software on it before you can start your application.
I would like to hear about the experience of users who have used hardware like this.
- Is this as safe as it sounds?
- General: How much money would you spend to protect software which would sell 100 times?
I will obfuscate my Java code and save some user-specific OS settings in an encrypted file which is lying somewhere on the hard disk. I don't want to constrain the user to do an online registration, because the internet is not necessary for the application.
Thanks
Comment: The company I am working for has been using Wibu for more than 5 years now.
For piracy protection I use OM-p. They provide:
- free piracy consulting
- free anti-piracy monitoring
- and paid piracy takedowns
First, make sure that it will not be counter-productive. It has a non-negligible cost in development, test, maintenance and customer support. The case where such a protection is most appropriate is when your software is THE software, almost with a machine dedicated to it.
I know that the latest Wibu products have pretty good robustness, and are in practice hacker-proof. (Other similar products probably exist also.) Basically, parts of your code can be encrypted in the key itself, with an encryption key changing all the time. They ran worldwide hacker contests where no one was able to use unauthorized versions of a protected software.
Even though my view on the subject is to not use such piracy protection schemes, I can give you a few pointers since we have used such a solution in the past. In particular we used Aladdin tokens as well.
This solution, in terms of security, is quite robust, since it is something that you either have on the system or you don't. It's not something that you can easily override, provided that your code is secure as well.
On the downside, we came across a problem that made us drop the hardware token solution. Our application is an intranet web application (i.e. a web app running in the local intranet of the customer, not a hosted solution), and quite often the customers wanted to deploy our app on blade servers or even virtual servers, where they did not have USB ports!
So before you choose such a solution, take such factors into consideration.