I am working on a web application written in perl on Windows/IIS (ick!) with an Access database as a back end. I am a consultant, and we make money selling risk management services. The application is a tool to support the risk management process, and our take on this is quite novel.

One of our customers wants to install the application on one of their servers outside of our controlled network. The problem is that we can not (as stated by our customer!) trust the users on the server, and we do not want someone to just copy our hard work and sell it as their own.

We do of course have a license to protect ourselves, but we feel that we need a technical barrier too. This is the meat of the question, so please pardon the long-winded introduction.

We have thought about using a standard obfuscator to mangle the code, but this is not enough. We have also considered perlexe (the page is unresponsive at the moment) or somesuch, but we are not sure of the implications of using such a tool. Additionally, there is a chance that the application will be migrated to GNU/Linux with MySQL (yay!). Are there compilers that work consistenly across several platforms?

We have also thought about implementing a wrapper to the perl interpreter. The idea is to encrypt the sources and decrypt them on the fly before sending them to the interpreter. This of course, raises a lot of issues regarding efficiency, and some questions on how to transfer the cgi environment correctly from the wrapper to the perl interpreter. Lastly, the choice of cryptography is also an issue, as the country to which we want to export is not a covered by the Wassenaar Arrangement, that covers exports of strong cryptography.

I presume there are many more sides to this problem than I have presented here, and will greatly appreciate any tips, musings and comments.

I am also aware of the fact that many people will find our wish to close down our source to be Evil. I firmly believe in freedom of information, but the application in question is the result of hard work in an extremely competitive market, which means that we have to keep our cards close to our chests.

pernod
--
Mischief. Mayhem. Soap.

In reply to Restricting access to cgi source by pernod

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.