Friday, September 5, 2014

The fRiDaY File - Protecting Software

Question: How do I prevent our application from synchronizing via MobiLink from a device that's different from the original device the application was installed on?

Is there a solution built in to SQL Anywhere 16 or do we have to build it ourselves?

Short answer: There is no solution built in to SQL Anywhere/MobiLink.

Long answer: It is a simple requirement, but it is one that has spawned an entire industry: "How do I uniquely identify the computer on which my application is running?" Try asking that question on Google; I get 30,400,000 hits.

There are a lot of simplistic solutions (MAC address is a favorite) but they immediately lead to followup questions: "How do I let users move the application to a different computer when the first one is stolen/lost/destroyed/upgraded?" and "How do I deal with spoofed MAC addresses?"

There are no known solutions that meet all of these criteria:

  • economical to implement,

  • reliable, and

  • user-friendly.
Many solutions (e.g., the one used to protect Sybase software like PowerBuilder) fail to meet ANY of those criteria... IMO anyway :)

The solution I prefer ("Rely on the honesty of users") is known to meet two of the three criteria (economical, user-friendly)... whether it meets the third criteria (reliable) is something I prefer not to think about :)

No comments: