Securing codebase against theft

Does anyone have any suggestions on securing your codebase from theft? How do you protect your intellectual property, and ensure that if you say, demo your codebase to a client that it doesn’t get stolen out from under you?
Embed a poison pill in the code? Have an in-band authorization process?

Any suggestions and resources are appreciated.

You can only skin a cat so many ways, patant your ideas of you are worried about theft.

Compile the code.

file permissions. lock down the demo machine.

Sign a contract / non-disclosure agreement with the potential client that includes full pricing under all scenarios of use and outlines legal consequences of unauthorized use.

Patent protection would likely not apply to a web application, and even if it did, it would only give you the right to sue someone you suspect of infringement, which can be done much more simply, and at much less cost, with a contract. Patents are bloody expensive things to maintain, especially worldwide patents!

I haven’t remained current with this, but it has long been possible to decompile compiled CF code, and believe it remains possible.

Yes and no, its very hard to read if you decompile the bytecode. But a trained person can read it, same as C#, Java, C++ and Machine Language. If they are going to go to that trouble there is no real way to stop them.

This is something Luis and I have discussed at length in regards to our commercial products like DataBoss and ProfileBox. At the end of the day, it will come down to how hard you want to make it. Honestly, you can spend more money and effort trying to secure the code than you might lose in sales. I would look at these approaches:

  1. NDA/Contract - Gives you legal recourse
  2. Pre-compile to Java bytecode
  3. Employ license file containing encrypted data to activate the software
  4. Trust - At some point, you have to trust that most people will respect you and your work and a good relationship with the client helps that.



ColdBox Platform Evangelist
Ortus Solutions, Corp

ColdBox Platform: