Safely password protect your work?
I haven't been able to find much reading material on this but it is the most important part of protecting or commercially releasing custom indicators or EAs.
I have purchased a hosting plan which allows me to put up some MySQL databases but I can't find any documentation on different methods to protect my work when I do something for someone and don't want it being mass distributed because I still intend to keep the software's intellectual property.
There seems to be two popular ways to protect software out there and I would like to read up on both if I could find the material.
Method 1: Have a user specific code in the database that must be entered into the indicator/ea options upon attaching it to the chart and this is verified by having the indicator/ea connect to the database and verify authenticity. The problem I see with this is how to ensure the code is only being used by that one person and not shared (would have to log IPs that are using the code etc).
Method 2: Have the user provide their account number they intend to use the EA/Indicator with and have that in the database which the program would then authenticate. Problem here is what about for people who want to use it on demo accounts, can the program figure out whether or not to authenticate based on the account number (do I know if it's a demo or live account from the account number)?
Anyone have any reading material that covers this, any books or online tutorials that cover it?
Don't distribute the code. Simple as that.
If you want to go the more complex route...
Don't put the logic in the .ex4 file. It can easily be decompiled. Put it up on your webserver and just have the indis feed data to that. As for logging IPs, make sure you log a time. If there is more than one IP in the same hour using the indi, block usage.
I agree with RR. This is the best and probably only way to completely secure your work. Note that it will not prevent someone to put a trade copier on his account and resale the signal if they are very good.
If your system is very very good, there is no reason to sell it in the first place except if you need the capital to start making bucks from the beginning.
The reason for protecting the work would not be for selling, it would be to prevent selling.
If I develop an EA for someone for free, I don't want them to turn around and start selling it.
Ronald, where the ex4 file must talk to a database or another file somewhere else is an example of something I need to find reading material on. Do you have any sources?
Look at any of my [TD] EAs.
There is a function called "TickData"
Web communication is all there.
Ok so I've been doing as much reading as I can in only a few hours but so far from what I can tell...
1. A ex4 is probably the worst way to give an EA to someone you don't want to re-sell it.
2. A dll is only marginally better.
3. Since both of those are not that great, using a password from a webserver to authenticate the EA to a user is basically almost entirely a waste of effort.
So that leaves only a couple options...
For Custom Indicators the only real safety net is to have someone agree to a EULA before giving it out. But how much sense does this make when I am not even making money myself and is it even possible to enforce? Someone could still de-compile, steal the logic and make their own program with slight modifications to mask it as their own and being one person I don't have time to try and find every Custom Indicator out there someone is trying to sell and see if it looks like something I made.
Same for EA's, I can either try to go the EULA route or have the EA run on my own webserver and print out the signals onto the website but I don't really even know where to start if I was going to do that.
Is it possible that I make an EA that just takes the price information and any other data required and sends it to the webserver and then a program on the server does all the calculations to see if you should enter long/short. Same for exits I imagine, this way all math would be kept private on a server and not on the clients machine. If this is a possible route then I would ask, does anyone have any reading material for doing this sort of thing?
I've posted the questions here as well, hopefully I will get some responses.
FAP Turbo is a well known EA, would you agree?
Google: "FAP Turbo Rapidshare"
You can find a decompiled/cracked version for free just about anywhere.
If you really want to ensure that your system stays free, release it everywhere. Make sure anyone can find it.
If you really want to make this secure my suggestion is to put the logic into the webserver. Not any authentication script. It's very possible to turn this into a form of membership site, implement authentication, etc. There is plenty of sample code in any of my [TD] EAs showing how the EA communicates to the webserver.
Well I think this will be tougher then I thought as I haven't seen any reading material for it.
But what it seems like I need to do is write an application on my server which listens for updates to a file and then based on the name of the EA and the data passed to the server I can do the math needed to send back what action the clients EA should execute.
If this is not possible then please tell me now. And if it is possible and anyone can give possible starting points for how to do this (both the ex4 communication and the server side integration) that would be largely appreciated.
Thanks for the example [TD] EA's, I have started to read through one of them although it seems like it is writing data to a php file right? I would like to see more examples and reading online if anyone can provide links or code.
Gimme a call when you can (my profile)
© Forex Factory