Как создать безопасное лицензированное JAVA EE-приложение? [закрытый]
Вы можете делать то, что вы хотите, используя namespace upvar, который предназначен для просмотра переменных в другом пространстве имен:
namespace upvar $fooSpace $myValue fruit
В качестве альтернативы, вы можете использовать upvar, чтобы сделать это, но тогда вам нужно чтобы остановить замену имени переменной fooSpace на включение впоследствии разделителя пространства имен (или вы в конечном итоге говорите о переменной с пустым именем в этом пространстве имен, которое, вероятно, не существует). Этот контроль цитирования выполняется с помощью ${…} следующим образом:
upvar ${fooSpace}::$myValue fruit
(Вы также можете использовать ${fooSpace}::${myValue}, после синтаксического анализа все будет работать одинаково.)
Я рекомендую что вы используете namespace upvar, хотя: он немного более эффективен, потому что ему вообще не нужно повторно анализировать имена переменных.
4 ответа
Bill Karwin's answer was the most useful of the answers from the question mentioned in the comments. Assuming that you will go ahead with a "protection" scheme, try to do the bare minimum. Anything else tends to frustrate users immensely and leads to lower repeat business and/or an increased desire to hack around your frustrating system.
From your question, it's tough to tell if each user will install the application. If so, you probably just need to require a license code that they must contact you in some way to get. If it's a client-server thing, then your options are a lot more limited; in fact, I can't think of a single solution I've ever designed in my head or come across in practice that isn't massively frustrating. You could probably do a license code solution here, too, except the license code would somehow carry a payload that indicated the number of users they paid for and then disallow the creation/use of users in excess of that number. At that point, though, you're really walking that frustration line I mentioned.
If you can obfuscate - this is the way to go for a start. But it could be painful if you use inversion of control frameworks (e.g. spring). I heard that it's possible to obfuscate spring context as well, never tried it though. Also (just guessing) there could be some surprises with reflections, dynamic proxies and such. As to the licensing, I can suggest using TrueLicense. It has very flexible means of handling various aspects of protection as well as free trial periods out of the box. Works very well and has great documentation.
Посмотрите, как Atlassian продает свою продукцию. Я считаю, что это подход, который работает очень хорошо, и, вероятно, будет для вас тоже. Примечание: подписка на обновления должна быть добавлена!
Do clients pay for support of this application? If so, there is a chance that support is a bigger pay-off than the licensing of the application itself. If so, you may consider not locking down the application, but rather, choosing to only provide support for authentic copies of the software (unmodified copies proved via checksums and the such). Many businesses licensing this software would be more inclined to avoid any modifications (even though the chance of them wanting to actually do this is probably tiny) in order to not jeopardize their support.
FYI: This is how Oracle tends to operate with their e-Business Suite. You can modify pretty much any component you want. Good luck on getting support, though!