Protecting Data

[elrey103]

Got a question.

I have a spreadsheet that I'm thinking of starting to sell online (or send a CD to those who purchase it)....

Here's the key -

How do I get it to be protected from being copied....

Is there a way to make the file so that people MUST run it from the CD and can't load it onto their hard drive - or a way to get it so that it cannot be recopied?

Generally the file is in Excel - has some macros and such - but could be converted to a open source solution too....

[nihil]

In a word "No"

The problem is that the CD has excel spreadsheets on it. That will make excel open and load them onto the local machine. Once that happens you can do anything you like with them.

Sorry, but that is my experience, and MS Office apps are virtually unprotectable.

Cheers

/off topic

Bozo: I've forgotten my access database password
nihil: Stick it on a shared server and I will have a look
Bozo: OK, thanks.........................

30 seconds later

nihil: It's lager1666, what's the matter, can't you spell Kronenbourg?

[ss2chef]

Originally posted here by elrey103

Here's the key -

How do I get it to be protected from being copied....

You can't easily or cheaply if you are going to distribute it.

If demand is high, will be hard to keep people from getting at it.

I have started to see people distribute software with a special USB key that the software
checks for before running a program. Its the same as used to happen with parallel port PIKS
in the past.
Going this route would require you to wrap your spreadsheet in another program..

Is this spreadsheet that cool that you fear mass copying? What is it?

[elrey103]

This spreadsheet is a masterpiece of work for fantasy football drafting - becoming ever more popular.

Now before you bash me - I do work for a bank as their network admin - I posted this kind of question here because I know you folks are the experts.

My plan is to market this online on some of the big fantasy football websites next year and be able to sell it to anyone interested...

I know the limitations of Excel - I know how to password protect the worksheets and workbooks - that sort of thing - but that doesn't really stop people from passing it out to friends and letting them use it....

I wasn't sure if there was a way to implement something that checks the windows key for that computer - or something of that sort.

One way I was thinking to get around it was to have a download on the website they'd buy it from - and have them need to enter a userid and password to get to the downlaod - create an individual user id and password for each user - and have the server keep track of which users had downloaded the file - therefore not allowing another download of that file...as this would have updates almost daily....

but that is getting pretty hefty....and that still isn't keeping them from downloading the updates and then sending it out to a friend....

I paid for one of these so called spreadsheets off of a very highly respected FF site this year - and mine blows it away - by far.....so yeah - I think it is highly marketable considering its capabilites.

[Vorlin]

Excel, word, and various other MS products-related (and other programs in general), once loaded, will have a temp file created (you've seen those ~blahblah.tmp files). This, among other reasons, is how you can totally quit without saving, even if you totally botched the whole program, and you still have everything you need. This temp file is where it all fails because if one has "detect all teh hidden filez!" in your explorer View settings, they can copy that anywhere else, rename it accordingly, and do whatever they want.

As for excel spreadsheets, I'd sooner create a PostgreSQL/PHP setup and never worry about a "masterpiece" getting out of hand, passed around, changed by others, etc...

One way you could do it, elrey103, is to have a PHP/db_of_sorts design where you have a username/password creation and in their user file, when they want to download the program/etc, you can have a column in the users tablespace where it starts as an int, set for default 0, and then when they download it, it does a few things:

1: update counter to +1 (set hard limits maybe in the download section, like no more than 3 downloads, etc).

2: create a temporary download directory like ~/x8573Jdls785 and put the file to download in there. Put a time limit on the directory, like 1 day, then have it auto-deleted. These are popular methods as of right now as I've seen.

Hope this helps!

[elrey103]

Awesome suggestions....

right now I'm throwing around the idea or marketing this...

i like the Excel format because almost everyone has excel now - and it doesn't take a super computer laptop to run it....

Next year I'm hoping to have something marketable...but protection may just have to be something I risk -

good thing is - fantasy football owners that pay to get this may not be as willing to share this with others in their own league....so that may be ok...haha.

[AngelicKnight]

but that is getting pretty hefty....and that still isn't keeping them from downloading the updates and then sending it out to a friend....

Keep in mind that "pretty hefty" is probably going to be your best bet though. There's almost always a way to copy no matter what you do, but you can at least impliment something to minimize that occuring.

[elrey103]

very true....

[Vorlin]

Yeah, create a solid product and have enough "deterrence" in your security to prevent most of the people who'd rip you off from getting it. Nothing is secure, no matter how much security is in place, yet if you have enough deterring factors, that's enough to get someone to look elsewhere. Most of your customers would more than likely pay for the product if it were well-done and maintained.

Never lose sight in your product when security's in mind. I've seen plenty of good programs turn bad, not because the person/author quit but because they were more concerned with security than their program being updated/etc.

[slarty]

I guess one possibility would be installing a small database of some sort on the CD, and having Excel pull the data from it by ODBC. Of course you'd need whatever restribution licences that required and you'd probably need to install the ODBC driver, but then your database software would be able to limit access based on node locking, dongles etc.

Another route is to somehow transparently decrypt it by way of a third party program. The snag is, how to prevent the user from easily obtaining the decrypted file (bear in mind that excel would work with a temp file or something that they could get).

I can't see a way you can give XL access to the file without other programs being able to swipe (and thus copy) it too.

VBA scripts can of course be all disabled and the excel file cracked anyway. I guess you could code some VBA scripts which create some kind of view of the data, which are otherwise present anyway but encrypted. This VBA would then have to do whatever necessary to validate the licence - perhaps checking the internet occasionally for stolen serials which have been published - or something.

In any case, it sounds complicated, unreliable, and may piss the users off

Slarty