相当开放的 UNIX 产品的许可和/或并发使用强制机制?
对于如何向(基于 UNIX 的)软件产品添加许可证密钥强制或并发用户限制强制的任何建议,我将不胜感激,该软件产品虽然不是明确开源的,但最终用户名义上拥有源代码,或者可以,可以想象,相对容易获得,因为运行它的服务器位于其所在地等。
显然,我既不寻求也不期待一种无法被高度主动这样做的人和/或 1337 h4x0rs 规避的技术,这些人只是就这样就好了。 这种反盗版机制的目的并不是阻止用户做他们真正想做的事情,而只是让它变得足够烦人,与仅仅付费的相对容易相比,这并不值得这么麻烦。另一个(便宜的)许可证 - 至少对于能力一般的最终用户来说是这样。
这需要比单纯的默默无闻的安全性更复杂的东西(这也会让可能遇到它的用户嘲笑你,即使是无意中无意修改设置),但与保护导弹发射井所需的东西完全不同。 只要说“是的,这个产品确实限制了你购买的产品的使用”就够了。 理想情况下,也不应该有任何有趣的事情足以激励那些追求名利的人发布有关如何破解它的博客文章,尽管考虑到该产品的小众性和价格的低廉,我不认为这是关心。
我能想到的唯一真正的技术是将程序其余部分在功能上必需的一些例程编译成静态或动态二进制可重新加载对象,并随之包含检查。 例程在某些不可分割的方面至关重要,而不是仅针对特定条件进行人为检查,否则用户可能会禁用对该函数的调用。 这个想法是禁用对该函数的调用还会产生其他不吸引人的后果。
这不是聪明的黑客无法反汇编的,而且,显然,如果该函数足够简单,可以构建到一个无用的二进制文件中,那么它也足够简单,可以在其外部重新实现。 但这比典型的最终用户需要付出更多的努力。 当然,再说一遍,重点不是机械地阻止盗版,而只是设置一点限制,以便该产品不能纯粹在荣誉系统上运行,尽管我当然,这对于美国的许多企业买家来说已经足够了。
这是一种常见的方法吗? 还有更好的吗?
I would be grateful for any suggestions on how to add license key enforcement or concurrent user limit enforcement to a (UNIX-based) software product that - while not explicitly open-source - the end-user nominally has source code to, or could, conceivably, obtain with relative ease because the servers running it are located on their premises, etc.
Obviously, I am neither seeking nor expecting a technique that cannot be circumvented by someone highly motivated to do so, and/or by 1337 h4x0rs that are just good like that. The point of such anti-piracy mechanisms isn't to prevent the user from doing something they really want to do, but just to make it annoying enough to do that it's not really worth the hassle as compared to the relative ease of just paying for another (cheap) license - at least, for an end-user of merely average abilities.
That calls for something more sophisticated than mere security by obscurity (which will also get you laughed at by users that may come across it, even inadvertently without the intent to modify the setting), but nothing close to what's required to guard a missile silo. Just enough of something to say, "Yes, this product really does limit the use to what you bought." Shouldn't be anything interesting enough to motivate someone seeking fame and fortune to post a blog entry about how to crack it either, ideally, although given how utterly niche the product is and how inexpensive it is, I don't see that as being a concern.
The only real technique I can think of is to compile some routine(s) that is functionally essential to the rest of the program into a static or dynamic binary reloadable object and, along with it, include the checks. It is necessary that the routine be critical in some inseparable respect, rather than an artificial check just for that particular condition, otherwise the user could just go and disable the call to the function. The idea is that disabling the call to the function has other unattractive consequences as well.
That's nothing a smart hacker can't disassemble, and, obviously, if the function is trivial enough to build into an otherwise purposeless binary, it is trivial enough to reimplement outside of it as well. But it's more effort than a typical end-user would bother going through. And of course, again, the point isn't to mechanically stop piracy, but just to put a little limit in place so that the product doesn't work purely on the honour system, though I'm sure that's sufficient for many corporate buyers in the US.
Is this a common approach? Are there better ones?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
所有这些都会激怒你诚实的用户,而任何称职的盗版者都会在五分钟内破解它 - 不要这样做。
All this will do is piss off your honest users, while any pirate worth his salt will crack it in five minutes - don't do it.