If you have ever considered commercial web application development, you’ve probably faced the challenge of protecting your intellectual property. I’ve spent the past few months researching and pondering this very problem.
There are many possibilities and issues here. Dynamic web applications are generally written in a client-side scripting language. The nature of these scripting languages is to compile on-the-fly. This means you store the code, in plain-sight. Not very good when you’re trying to sell software, and anyone who purchases it has the ability to reverse engineer your product.
Some technologies, such as JSP, allow you to compile the code down to bytecode, however, by nature of its design, Java bytecode is compact and simple to reverse engineer. Encryption techniques such as ZendGuard are crackable (unencryption has to happen somewhere). ActionScript (Flash) is promising, it compiles down to binary SWF files, however, tools exist to convert these SWF files into their FLA counterparts.
There may be no guaranteed, fool-proof way to protect your code, but one thing that has obviously worked well for stand-alone software vendors is binary compilation. Great, so how do I compile my web code to binary? Simple! Just write your web applications in C/C++ (or other language that compiles to binaries), and run them as CGI scripts.
I had a major AH-HA moment, when I realized that all a CGI script needs to do, is print out the content MIME type, and the actual content, Apache will take care of the rest. This approach will only work on Unix based hosts, as Windows does binaries a little different (suckers). But as the vast majority of web hosts run on Unix, this isn’t a huge deal.
I’m going to create a 2nd post, demonstrating this technique. Look for it in the not-so-distant future.
Update: The 2nd post is up! Running C/C++ Code as a CGI Script
