I worked on a project for 9 months and I am finally ready to start selling it to potential clients. Before I do this, I would like to know what security measures to take so that it doesn't get hacked or stolen by pirates.
i want to secure my soft with this two conditions:
1/ check if the dongle is exist on the user pc 2/ if the dongle exist, check if the user is connected to the internet
and i want to host all the software scripts in the server ( encrypted )
my question is :
i don't have any idea about the dongle protection is i can to turn any usb flash disk to dongle ? or i must to buy it ?
Verifying authenticity of the scripts.
It is not necessary to upload the whole script to the server just to verify it is un-changed, that is what hashes are for.
Note: Just about any cryptographic hash can be used, SHA-256 is a good choice, is only 32-bytes and generally quite fast.
Alternatively you could compare the hash on the client. If you are concerned with a user changing the comparison hashes in the client it is more likely the user will just remove the scrypt check. This is essentially what Apple does, it has hashes of all code files as part of the application (with a few special things).
Flash drive as a dongle: No that will notwork because a user can just duplicate the flash drive.