Hi all,
I have a question regarding the protection of software that has been built inhouse.
Basically, i've built an inhouse CMS using PHP, all web builds that were done for our clients were done by us through our CMS and hosted on our own servers.
Now the problem is that one of our clients now wants to host their Website themselves, which means that we have to also pass them our CMS, which is the backbone of the website. The main concern with this client is that we don't want them to tamper with the coding behind the CMS or to pass the CMS on to other people, as its one of our products, which we sent time developing.
Even though we can get the client to sign documents to not do this, we would never know that the product has been passed on, even if it was.
I just basically wanted to know what the best solution to this would be.
I was thinking along the lines of possibly putting hidden code in the CMS that randomly connects to us and sends all the code behind the cms back to us, to confirm that it hasn't been tampered with.
and also to have some hidden code that checks where the CMS is sitting (i.e. what server its on) so that if it is ever passed around. the CMS will connect to our systems and let us know where it is.
If any of the two rules above are broken, then i want the CMS to stop working and delete itself and all database entries. (basically do a self destruct).
This may seem like an extreme solution, but we need to protect our dear CMS, which we've sent thousands of £'s developing.
Does anyone have any other ideas or concepts on this, obviously it needs to be implementable in PHP as well. The above are just my thoughts, don't know how well it would work, but if someone has tried something similiar, then any replies to this would be really appreciated.