问题
I'd like to sell a static library for Cocoa Touch apps but want to protect it from being freely distributed. Has anyone tried this or have suggestions on a scheme(s) that I can build to handle it?
One example from the desktop world is a vendor sending a license key to you after purchasing the library. That key must be embedded in your app, which is what the library will look for at runtime. The problem is anyone can post the library and key on the web.
回答1:
Build a strong fast key-generator algorithm and partly base it on the purchasers bundle identifier. When someone purchases the library, they give you the bundle identifier and you give them a key to embed. In runtime, read the bundle identifier and the embedded key, run it through the algorithm and see if it matches.
This is a little better because someone is less likely to use a bundle identifier if it comes from someone else — they would have to setup multiple certificates, developer profiles etc. Also, a legal purchase would probably not reuse the library illegally between different app of his/her own.
回答2:
Well, I wouldn't bother trying to sell a copy-protected library to other developers. Since we're talking about iPhone apps, if you suspect that someone's using your code without authorization, and you can prove it, you can send Apple a DMCA takedown notice and get it pulled off the store.
回答3:
Tricky. I suppose it depends on where you want to sit on the inconvenience - security spectrum. If you wanted to be a huge jerk you could require that all the binaries built with your tool be sent to a webservice you publish which would add a key to them based on a hash of the binary. Probably you're best to follow your current plan. Yes it could be posted on the web but that is just a chance you're going to have to take. It is best not to treat your customers as criminals. Keep track of the keys you sell and if you find one online that you sold revoke their license.
回答4:
Try in this way: you ask the developer to give you the application name of the app that will use your library. send the library with encrypted appname e your internal license code.
Your library will check at random time, appname and license, then put a check in your library that access a site on internet to validate the pair. if there's no match, your library asks the application to quit.
来源:https://stackoverflow.com/questions/1739373/licensing-system-for-static-library