jerrym
Posts: 52
|
Posted: 08/17/2008, 8:57 PM |
|
Hey guys,
wondering if someone could advise on the following issue.
I'm doing some work on a web app with a SQL Server backend for a client. They have promised to pay me progressively, say each month. Is there a way to stop the application from functioning should they default on paying me? Either through some sort of code in CCS or maybe in the database?
regards
Jerry
|
|
|
wkempees
Posts: 1679
|
Posted: 08/18/2008, 5:44 AM |
|
Any check you might come up with is rendered useless if the customer can either delete or change that code.
So read this on encoding your code: http://forums.codecharge.com/posts.php?post_id=98801&s_keyword=asp+encode
Then, think up an easy way to keep in control:
You could have a datafield in a table that you remotely update at intervals.
You could even have a piece of code that retrieves a value from one of your databases.
Many more ways to do this.......
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
jerrym
Posts: 52
|
Posted: 08/18/2008, 3:37 PM |
|
Hi Walter
I like the idea of either:
1. You could have a datafield in a table that you remotely update at intervals.
2. You could even have a piece of code that retrieves a value from one of your databases.
With option 1 I presume this is done manually, i.e. you use VPN and RDP to update a 'serial no'.
Walter, would appreciate it if you could expand on the option 2 situation and how to achieve this.
regards
jerry
|
|
|
marcwolf
Posts: 361
|
Posted: 08/18/2008, 5:44 PM |
|
Another way I have seen this done is on the Client Side.
Some companies who sell Javascript products add a time-limiting capacity to their JS code and then use a common obfuscator to hide everything.
What you can do is this: take the current function.js, which is needed by CCS, and add in a routine that will check the webpage for a hidden date field. During the load of the page this hidden date field can be verified, and if it does not match what is in the Javascript code, pop up a message.
Then you can obfuscate the code so that it becomes impossible to find what is happening inside the Javascript code.
If your clients try to go back to a previous version of the Javascript file then they will get the error message 'Out of Date'.
If they try to drop the Javascript files then the system will not work because they do not have the other Javascript functions.
Each time you load up a new part of the code you just change the date in the source of the Javascript code and then just re-encode.
Of course what you will need to do is to have the hidden date field somewhere in the page. And that can be MD5'ed or something to add confusion.
Hope the ideas help
Dave
_________________
' Coding Coding Coding
Keep Those Keyboards Coding.
Raw Code!!!!!!!
|
|
|
jerrym
Posts: 52
|
Posted: 08/18/2008, 7:28 PM |
|
Hi Dave
Your suggestion is very interesting. Have you done something like this in a real live situation?
And do you think it can be done via SQL Server? Thinking aloud... what if a 'job' can be set up inside the database that makes a request to a remote server for a new 'key'?
Any other suggestions, anyone?
|
|
|
tsgroman
Posts: 64
|
Posted: 08/18/2008, 8:25 PM |
|
It's been my experience that you should:
1. Require a large enough deposit to make you feel comfortable performing the service for which the client is hiring you to perform and that will cover your time and expenses until the next stop on your payment schedule. If they refuse, find a real client.
2. Have the entirety of your agreement in writing - including payment schedule. In the agreement, state penalties for nonperformance. In the agreement, convert the deposit to liquid damages in the event the other party defaults.
3. Don't default on your end of the agreement.
|
|
|
marcwolf
Posts: 361
|
Posted: 08/19/2008, 3:37 PM |
|
Or Lastly Never Never get involved with a
"Hey - I've got a great idea for a betting program (Stockmarket, insert whatever here) .. I'll supply the idea And you do the coding... And we'll split 50/50.. Ok"
_________________
' Coding Coding Coding
Keep Those Keyboards Coding.
Raw Code!!!!!!!
|
|
|
marcwolf
Posts: 361
|
Posted: 08/19/2008, 3:43 PM |
|
Hi Jerrym
Not exactly. I have written programs in VB6 that used a machine-specific key. However, I have also trialled several Javascript add-ins that were timelocked somehow, so that the version was either DEMO only or was timelocked.
If you are sure that the application is being tested only in one timezone then you could embed the date of expiry within the Javascript (together with the other vital functions) and do a check on that.
Sadly, cross-domain scripting is still a security issue, else you could dynamically create an AJAX connection to your server and validate that way. If you send back an EXPIRED status then a pop-up etc. will appear in the client's browser session.
Take Care
Dave
_________________
' Coding Coding Coding
Keep Those Keyboards Coding.
Raw Code!!!!!!!
|
|
|
wkempees
Posts: 1679
|
Posted: 08/20/2008, 8:04 AM |
|
jerry,
You are a lucky guy to get so many (good) responses.
Specially the ones about how and who to do bizz with; I subscribe to those as well: be selective and get the funding secured.
If it is on a (you build/we exploit, 50/50 revenues) basis, I always make sure that the party commits by doing a (good) deposit, one that covers third-party costs as well as nett building cost. So if in the end you do not get into the 50/50 or the project stops, you at least have the basic funding in house.
On the part 2 of my suggestion:
Have the encryption in place.
In your CCS project define a second connection to one of your own databases (which should have cross domain access allowed).
In your application have a routine that retrieves a value from a table from your database and knows what to do with it (your specific check algorithm).
Also cater for multiple accesses over a period, like four days in a row if any access failed, to cater for your database being off-line.
In a simpler form you could just access (read, XML or even plain) a file on your machine.
Something like that.
HTH
Walter
(had the project, seen them die, still food on the table)
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
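The outage tolerance described in the post above ("four days in a row if any access failed") can be sketched as follows. This is an added example in Python, not code from the thread or from CodeCharge Studio; `fetch_status`, the state names and the four-day threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

GRACE_DAYS = 4  # assumed threshold, taken from "four days in a row"

class LicenseState:
    """Local state; in the post's setup this would be a row in the client database."""
    def __init__(self):
        self.last_ok = None       # last day the remote value was confirmed
        self.failed_days = set()  # calendar days with at least one failed lookup

def failure_streak(state, today):
    """Count consecutive calendar days, ending today, that had a failed lookup."""
    streak, day = 0, today
    while day in state.failed_days:
        streak += 1
        day -= timedelta(days=1)
    return streak

def evaluate(state, today, fetch_status):
    """Return 'ok', 'unverified' or 'expired' for one access.

    fetch_status is a hypothetical callable that returns 'valid' or 'expired'
    from the vendor side and raises OSError when it cannot be reached.
    """
    try:
        status = fetch_status()
    except OSError:
        state.failed_days.add(today)  # many failures on one day count once
        return "unverified" if failure_streak(state, today) >= GRACE_DAYS else "ok"
    state.failed_days.clear()  # any successful lookup resets the outage window
    if status == "valid":
        state.last_ok = today
        return "ok"
    return "expired"

def replay(timeline):
    """Run evaluate() over (day, outcome) pairs; outcome None simulates an outage."""
    state, results = LicenseState(), []
    for day, outcome in timeline:
        def fetch(outcome=outcome):
            if outcome is None:
                raise OSError("vendor database unreachable")
            return outcome
        results.append(evaluate(state, day, fetch))
    return results

# Constructed sample: one good day, a four-day outage, recovery, then expiry.
START = date(2008, 8, 20)
SAMPLE = [(START + timedelta(days=i), o) for i, o in
          enumerate(["valid", None, None, None, None, "valid", "expired"])]
```

Keeping "unverified" (vendor unreachable) distinct from "expired" (vendor reachable and answered) lets the application show a different notice for each case.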
jerrym
Posts: 52
|
Posted: 08/20/2008, 3:32 PM |
|
Hi Walter
Yes, I agree with all the good advice about taking a good deposit & being selective on clients.
Quote: In your CCS project define a second connection to one of your own databases (which should have cross domain access allowed). In your application have a routine that retrieves a value from a table from your database and knows what to do with it (your specific check algorithm)
Also cater for multiple accesses over a period like four days in a row if any access failed, to cater for your database being off-line.
I like the sound of the above.
Perhaps, following your suggestion, I could:
- set up another connection in CCS to connect to a remote database
- set up expiry date & serial fields in a table on the client database
- configure their normal Login form with additional hidden parameters to check Expiry Date. If expired, connect to the Remote Database to check serial. (This perhaps is to limit the number of remote connections, as once a month is sufficient.) If serial matches, continue; if serial does not match, redirect to another page to contact someone.... hehehe, like Walter who suggested this method!
I like this concept, Walter, as it doesn't involve remote update of any info; it just checks for matching serials between a remote DB and the client DB.
More good advice anybody....?
Jerry
|
|
|
wkempees
Posts: 1679
|
Posted: 08/21/2008, 3:58 AM |
|
HaHa, like your response, but.... you should have source encryption of sorts,
to prevent disabling the disabling code.
Or have a second stage, look into database synchronization.
Also keep in mind, disabling or crippling a delivered product could have legal issues.
So make it a friendly solution.
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
dataobjx
Posts: 181
|
Posted: 08/30/2008, 5:42 PM |
|
A lot of great ideas - but be careful. Under common law principles you could actually get sued by taking such an action (crippling the software) notwithstanding the fact that they haven't paid in full. There are a thousand legal cases where this has happened. You'd be better off figuring out a better way of negotiating payment real-time.
For instance, you could deploy the 'module' to your own web-site for 'testing and approval' with an understanding that you'll deploy it on the customer site when payment has been received.
_________________
www.DataObjx.net
www.mydigitalapps.com |
|
|
advcomputer
Posts: 68
|
Posted: 09/15/2008, 5:15 PM |
|
Dataobjx hit it right on the head. Be careful. It's not worth getting sued over.
Jeff
================================
Jeff Goldstein
President
Web Applications for Business
www.wafbiz.com
|
|
|