[NTLUG:Discuss] FW: motivating shady clients to payup
kbrannen@gte.net
kbrannen at gte.net
Tue Aug 27 00:20:45 CDT 2002
Steve Baker wrote:
> jeremyb at univista.com wrote:
>
>> All of this will be disclosed to the client. I'd like input from you all
>> regarding this plan....
>
>
> If I were an 'unsavory client' - I'd simply unscrew the hard drive from the PC
> and place it into another PC as Drive #2 and voila! All secrets may be revealed
> without worrying about passwords, BIOS's, CD-ROMS or Floppies.
>
> Of course your client may not realise this - but anyone worth protecting
> against to the degree you suggest should be able to figure.
>
> If someone has physical access to the machine, protecting it is pretty tough.

Excellent points! Kinda like trying to secure your machines against crackers,
it's a race. :-)

You could write the code to turn parts of itself off after a certain period of
time, or even to erase itself. Of course, the app would have to monitor and
store (probably inside the executable) time used itself (with a checksum)
instead of relying on the system clock, to prevent a system clock reset
"crack"; (or since you have internet access, query a reliable outside source
for the current time). Once payment was received, you'd deliver a new
executable with the "check_time_and_maybe_disable_cool_features()" function
call removed (i.e. you'd upgrade the demo version to a production version).
This "prevention" could still be circumvented, but now it will most likely
take programming skills, which they probably don't have or they wouldn't be
hiring you. :-)

Or make the "demo" version call home to your machine at start-up, and once a
day, and if it doesn't get authentication (because of the date), it only works
in "partial" mode with the cool stuff turned off. This assumes you have a
reliable connection for your machine. Again, deliver a production version
without this check upon payment.

There are probably more options, but you have to decide what it's worth to
you, i.e. if you didn't get paid at all versus the time it would take to
implement a "non-payment" protection plan. If your payment is a few hundred
dollars, I'd seriously consider not worrying about it (pointing out to them the
reputation damage you can do [legally] for not getting paid; e.g. telling
NTLUG who they are so that it will be much harder to get good help next time
they need work done). If it's multiple thousands of dollars, a few hours of
work to do something is probably worth it.

HTH,
Kevin
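
An added example, not part of the message above or of any code from the thread: a sketch of the self-tracked usage counter "with a checksum" that the reply describes, using an HMAC as the checksum and failing closed on a modified record or a rolled-back clock. The key, the 30-day limit, the record layout and the `last_seen` rollback check are assumptions made for illustration; only the function name is borrowed from the message.

```python
import hashlib
import hmac
import json

# Assumption: the key ships inside the demo executable, so this only raises
# the bar to "needs programming skills"; it does not stop a determined user.
KEY = b"constructed-demo-key"
TRIAL_SECONDS = 30 * 24 * 3600  # assumed trial length


def _tag(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def seal(used_seconds: int, last_seen: int) -> str:
    """Serialize the usage state and append its keyed checksum."""
    body = json.dumps({"used": used_seconds, "last_seen": last_seen},
                      sort_keys=True)
    return body + "." + _tag(body)


def unseal(record: str) -> dict:
    """Return the stored state, or raise ValueError if it was modified."""
    body, _, tag = record.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        raise ValueError("usage record failed integrity check")
    return json.loads(body)


def check_time_and_maybe_disable_cool_features(record, now, session_seconds):
    """Return (features_enabled, record_to_store).

    session_seconds is the run time the app measured itself (for example
    with a monotonic timer), so resetting the system clock does not reduce
    the accumulated total. 'now' is wall-clock time, kept only to notice a
    clock that has moved backwards since the last run.
    """
    try:
        state = unseal(record)
    except ValueError:
        return False, record          # edited or corrupted record
    if now < state["last_seen"]:
        return False, record          # system clock was set back
    used = state["used"] + session_seconds
    return used < TRIAL_SECONDS, seal(used, now)
```
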