[PHP] Self Destruct code
Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
On Tuesday 07 May 2002 16:19, PHPCoder wrote: Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Presumably they've seen your code working on your server and it does what they expect of it? You could say to them, hand over the money or else (only joking), or hand over half the money, transfer the code, if there's no problem running on their server, give you the rest of the money. This should be solved through legal means rather than technical. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* A beautiful woman is a picture which drives all beholders nobly mad. -- Emerson */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
Hi,
Depends on what type of server they are running,
You could add a script in there that takes a query string that will invoke a
set of
drop table statments,
followed by some file delete's
But as I have never seen the need to do this, I dont have any code that can
help you
But I am sure you will be able to just add a switch in the index page, that
takes something like this
if (isset($op) $op == deletesite)
{
// Drop sql tables
$conn = mysql_connect(host,user,pass);
$sql = DROP TABLE tableName;
$rs = mysql_query($sql, $conn);
for each $file in $files
{
// some delete code
}
}
But yet again I would rather do this via legal means than destroy code.
my $0.02 worth
Thanks
Tommy
-Original Message-
From: PHPCoder [mailto:[EMAIL PROTECTED]]
Sent: Tue, 07 May 2002 10:20
To: php-general
Subject: [PHP] Self Destruct code
Hi
I have a funny request; I wrote a system for a client and am rather
concerned that I am not going to receive payment for the work done. They
want me to hand over the code before they are willing to pay, so
basically I will be left at their mercy; if they don't pay, they will
still have a working version of the system...
So, is there any way I can inconspicuously code in some boo-boo's that
are time related etc. Something that will bomb the mysql tables or break
some code if it is not unlocked within a month etc.
I'm not sure if people out tjere might have existing safeguard tools
etc, so I'm open for suggestions.
PS, I know about Zend's encrypter, but since it will live on their
server, I don't think it will help much since they will need the
decrypter on there anyway right?
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
or.. you can use an airplaine full with gas :))
Tommy Claasens - Q Data KZN a écrit :
Hi,
Depends on what type of server they are running,
You could add a script in there that takes a query string that will invoke a
set of
drop table statments,
followed by some file delete's
But as I have never seen the need to do this, I dont have any code that can
help you
But I am sure you will be able to just add a switch in the index page, that
takes something like this
if (isset($op) $op == deletesite)
{
// Drop sql tables
$conn = mysql_connect(host,user,pass);
$sql = DROP TABLE tableName;
$rs = mysql_query($sql, $conn);
for each $file in $files
{
// some delete code
}
}
But yet again I would rather do this via legal means than destroy code.
my $0.02 worth
Thanks
Tommy
-Original Message-
From: PHPCoder [mailto:[EMAIL PROTECTED]]
Sent: Tue, 07 May 2002 10:20
To: php-general
Subject: [PHP] Self Destruct code
Hi
I have a funny request; I wrote a system for a client and am rather
concerned that I am not going to receive payment for the work done. They
want me to hand over the code before they are willing to pay, so
basically I will be left at their mercy; if they don't pay, they will
still have a working version of the system...
So, is there any way I can inconspicuously code in some boo-boo's that
are time related etc. Something that will bomb the mysql tables or break
some code if it is not unlocked within a month etc.
I'm not sure if people out tjere might have existing safeguard tools
etc, so I'm open for suggestions.
PS, I know about Zend's encrypter, but since it will live on their
server, I don't think it will help much since they will need the
decrypter on there anyway right?
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Marius Ursache (3563 || 3494)
\|/ \|/
@'/ ,. \`@
/_| \__/ |_\
\__U_/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? I wouldn't do something like this, there's too many legalities at stake. Personally I would suggest requiring at least a modest retainer before transmitting the code if you don't trust him (and in the future you may want to consider getting a deposit from a company before even beginning work). The other thing you could do is encode the file using the zend encoder and transmit just the compiled version to themthen they could still wind up not paying you but worse case scenario means they get the code only as is, no ability to modify it or fix bugs. I know you mention in your post you're aware of it but trust me, being unable to fix any bugs with it can serious cause problemsor to even go a step further you could add an extra line of code (assuming you encode this of course) the does an http call to a file/url on a server you controlyou could instruct your program immediately terminate if it cannot access that specific file. Then if the company doesn't pay you, you remove that file and poof the program is no longer usableand since it's encoded they could not determine what the problem is nor solve it. However in the future I strongly urge you to get a deposit for any projects you're going to work on. Such a retainer is perfectly acceptable in a circumstance like thisand it protects you from companies deciding to terminate a project mid-development (or if they don't pay you, you at least get something out of it). Sincerely, Craig Vincent -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
Hi, From a legal viewpoint, I don't think you should modify any data or files on the clients computer. Code which simply times out (i.e. stops working but takes no other action) seems more acceptable. HTH Chris PHPCoder wrote: Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
basically I will be left at their mercy; if they don't pay, So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. I'd suggest that you have a legal or business practices issue rather than a technical one. Do you have a signed contract or work agreement? What are the terms and conditions laid out in it? If you don't have one then perhaps you should look at having one. At a minimum I'd be suggesting that such terms and conditions need to address the issues of copyright over the work produced, significant way points or development stages, completion deadlines and payment schedules. If you deliberately sabotage the work you have done you might end up in a poor legal position yourself (leaving aside personal feelings of being able to get back at someone for a moment). If you don't have such things in place then perhaps suggesting a part payment or some other alternative will work. Ultimately, there are no real technical solutions to anything but technical problems and I don't think the situation you're describing falls into that category. CYA, Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
[snip]
I have a funny request; I wrote a system for a client and am rather
concerned that I am not going to receive payment for the work done. They
want me to hand over the code before they are willing to pay, so
basically I will be left at their mercy; if they don't pay, they will
still have a working version of the system...
So, is there any way I can inconspicuously code in some boo-boo's that
are time related etc. Something that will bomb the mysql tables or break
some code if it is not unlocked within a month etc.
I'm not sure if people out tjere might have existing safeguard tools
etc, so I'm open for suggestions.
[/snip]
You could try something like this;
if(date == '30 days from now'){
if(unlock code 'the unlock code'){
Do stuff to disable code, set variables to odd values, drop
tables,
whatever;
Do stuff to send e-mail to offending party;
}
}
HTH!
Jay 'Been There, Has to Do That' Blanchard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
Too easy...the client would just have to check the code for it and he would
have the code.
Better get a md5'd version of the code from somewhere in the net (from your
server for example) and compare it to the md5'd version of the code the
client put in.
But that way the client could always just comment out the if condition.
Hmm..maybe you can obfuscate that somehow...but I've no idea if that's
possible in php...?
-Original Message-
From: Jay Blanchard [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 07, 2002 1:41 PM
To: 'PHPCoder'; 'php-general'
Subject: RE: [PHP] Self Destruct code
[snip]
I have a funny request; I wrote a system for a client and am rather
concerned that I am not going to receive payment for the work
done. They
want me to hand over the code before they are willing to pay, so
basically I will be left at their mercy; if they don't pay, they will
still have a working version of the system...
So, is there any way I can inconspicuously code in some boo-boo's that
are time related etc. Something that will bomb the mysql
tables or break
some code if it is not unlocked within a month etc.
I'm not sure if people out tjere might have existing safeguard tools
etc, so I'm open for suggestions.
[/snip]
You could try something like this;
if(date == '30 days from now'){
if(unlock code 'the unlock code'){
Do stuff to disable code, set variables
to odd values, drop tables,
whatever;
Do stuff to send e-mail to offending party;
}
}
HTH!
Jay 'Been There, Has to Do That' Blanchard
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.330 / Virus Database: 184 - Release Date: 28.02.2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.330 / Virus Database: 184 - Release Date: 28.02.2002
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
I back up Chris' comments about the legality of self-destructing code. Sort out contractual issues with lawyers. If you want to 'limit' your system until you get paid, what about deliberately putting a limit on a column in MySQL, e.g. the key column is a TINYINT rather than INT? Let the customer know that once you're paid, you will un-'cripple' the system. Assure them no data will be lost. Peter. On Tue, 7 May 2002, Chris Hewitt wrote: Hi, From a legal viewpoint, I don't think you should modify any data or files on the clients computer. Code which simply times out (i.e. stops working but takes no other action) seems more acceptable. HTH Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
[snip] Too easy...the client would just have to check the code for it and he would have the code. Better get a md5'd version of the code from somewhere in the net (from your server for example) and compare it to the md5'd version of the code the client put in. But that way the client could always just comment out the if condition. Hmm..maybe you can obfuscate that somehow...but I've no idea if that's possible in php...? [/snip] Assuming the client can read code, but I agree with encrypted code. As for obfusation..isn't that what we live for? :) How about a series of functions that call each other, comments in the code that don't tell the whole story. Name the variable for the unlock code something non-obvious. Check the date and set a variable that seems in concert with the application. Bury functions within other functions. Nest if statements to within an inch of their life. WaitI just read some code like that that was due to lack of planning and documentation...and there is no self-destruct mechanism...just 'spaghetti' code! :) The legal angle should be the one most considered. That and having a contract. Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
::: - Original Message - From: Craig Vincent [EMAIL PROTECTED] To: PHPCoder [EMAIL PROTECTED]; php-general [EMAIL PROTECTED] Sent: Tuesday, May 07, 2002 6:53 PM Subject: RE: [PHP] Self Destruct code Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? I wouldn't do something like this, there's too many legalities at stake. Personally I would suggest requiring at least a modest retainer before transmitting the code if you don't trust him (and in the future you may want to consider getting a deposit from a company before even beginning work). The other thing you could do is encode the file using the zend encoder and transmit just the compiled version to themthen they could still wind up not paying you but worse case scenario means they get the code only as is, no ability to modify it or fix bugs. I know you mention in your post you're aware of it but trust me, being unable to fix any bugs with it can serious cause problemsor to even go a step further you could add an extra line of code (assuming you encode this of course) the does an http call to a file/url on a server you controlyou could instruct your program immediately terminate if it cannot access that specific file. Then if the company doesn't pay you, you remove that file and poof the program is no longer usableand since it's encoded they could not determine what the problem is nor solve it. However in the future I strongly urge you to get a deposit for any projects you're going to work on. Such a retainer is perfectly acceptable in a circumstance like thisand it protects you from companies deciding to terminate a project mid-development (or if they don't pay you, you at least get something out of it). Sincerely, Craig Vincent -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Self Destruct code
I don't believe this is the right way to do things, and really, anything you break can be spotted, fixed, patched and repaired. Sure, it might piss them off for a few days, but it aint a solution. 1. Do you have an agreement with the client in writing? Who owns the copyright of the code? Who pays what and when? What warranties are you providing, etc etc? If you don't fix it now. In this case, you would be aiming to have copyright ownership of the code AT LEAST until payment is received. 2. They should be willing to make part/full payment based on viewing the working code on any server. If they want to see it working on their server only, then perhaps suggest that you have control over the passwords until payment... not a solid fix, but better than nothing. 3. In future, you should also aim for part payment (monthly, half-way, deposit, milestones, etc). I've had one client who hadn't payed. I did everything right, kept contracts, kept the FTP passwords, etc etc. The bill was overdue by 15 days, and they were ignoring my emails/calls, so I pulled their site offline. 15 minutes later, I received a phone call. I explained my position, and was payed within 3 hours. The issue here is really who owns the code before and after payment. In conjunction with a written agreement / contract over what happens, when and how (and how much), you should have no reason to really worry. Having written agreements out there also reminds the client of their obligations. It may cost a few $'s, but you will be able to pursue a client who hasn't payed IF you have a written agreement, and clear conditions. The copyright act, and a clear contract are your best safeguards. If they're not willing to agree to simple, industry-standard practices, then to me, the client isn't worth having. Justin French on 07/05/02 6:19 PM, PHPCoder ([EMAIL PROTECTED]) wrote: Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
IANAL! It's against the law in most states to create booby-traps in your code. As others have suggested, don't turn over the code until you've received payment. IMHO, you really should have specified the payment schedule in your contract. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: PHPCoder [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 3:20 AM To: php-general Subject: [PHP] Self Destruct code Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
Or you could set up an automated IMAP Account Creater. That should pretty much take care of things from the way things sound around here:-) -Original Message- From: Cal Evans [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 11:15 AM To: PHPCoder; php-general Subject: RE: [PHP] Self Destruct code IANAL! It's against the law in most states to create booby-traps in your code. As others have suggested, don't turn over the code until you've received payment. IMHO, you really should have specified the payment schedule in your contract. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: PHPCoder [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 3:20 AM To: php-general Subject: [PHP] Self Destruct code Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
Does it have to be a booby-trap or will some little annoyance like a shareware popup that would just aggravate the heck out of them do the trick? Robert W. Collins II Webmaster New Orleans Regional Transit Authority Phone : (504) 248-3826 Email : [EMAIL PROTECTED] -Original Message- From: Cal Evans [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 10:15 AM To: PHPCoder; php-general Subject: RE: [PHP] Self Destruct code IANAL! It's against the law in most states to create booby-traps in your code. As others have suggested, don't turn over the code until you've received payment. IMHO, you really should have specified the payment schedule in your contract. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: PHPCoder [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 3:20 AM To: php-general Subject: [PHP] Self Destruct code Hi I have a funny request; I wrote a system for a client and am rather concerned that I am not going to receive payment for the work done. They want me to hand over the code before they are willing to pay, so basically I will be left at their mercy; if they don't pay, they will still have a working version of the system... So, is there any way I can inconspicuously code in some boo-boo's that are time related etc. Something that will bomb the mysql tables or break some code if it is not unlocked within a month etc. I'm not sure if people out tjere might have existing safeguard tools etc, so I'm open for suggestions. PS, I know about Zend's encrypter, but since it will live on their server, I don't think it will help much since they will need the decrypter on there anyway right? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Self Destruct code
I'm sure we've all had our problems with the client who just doesn't feel like paying. In my particular market, summer resorts and vacation spots are pretty much the main source of web work. Now alot of these businesses are very good in paying, normally I receive payment within a week of sending a bill - however, there are always one or two black sheep in the heard. Last summer I had one of the clients owing in the upper thousands for work I had been doing over a 7 month period - always with the promise that whenever I needed to get the money, it'd be there ... you know, cuz we're all so well off doing web work we can just let a client sit for 7 months and not get anything out of it ... its fun working for free. Anyways, it came down to a small point - this client was starting up a new addition to his business which required participants to register online for ... another plus on my side was that this client had just moved his site from an NT server to UNIX and I was still mid-converting the code ... well, I sorta dragged my feet in getting the files uploaded to the new server until one Saturday morning I receive this angry panic call that nothings working, he has people who claim they've registered and he has no record, blah blah blah ... Short story long, he drove into town that very same morning, I received a notarized check from his bank stating that he did in fact have the funds in his account, and then uploaded the files. Its best to avoid these types of clients, but if you are in a small market such as I am, ignoring one sector or even one client of that sector is inevitable suicide ... frequent bills and frequent calls seem to be the way to go ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
