I have a small classic asp site and I am concerned that a client may stop paying me. The site is on their server, so I basically want an “off switch” in the event they stop paying me. I couldn’t think of a good way to do this as they have a tech person who has access to the server, so any code I write to stop the site would be easily found and changed in the classic asp site (there aren’t many pages).
So we had thought of maybe obfuscating the 2 main class pages so that they won’t be able to edit the pages easily and we still have code to stop the site functioning. My questions are:
- What is the best option for obfuscating classic asp code (if anyone has done this before)?
- Is there another option that maybe we’re not thinking of?
Thanks for any help you can provide!!
I think your energies are better placed on setting milestones in your project that are tied to payments. This ideally is done in increments so that neither party feels at a disadvantage with regards to the amount of work done / amount of money paid.
Obfuscation is easily removed and decoded, generally.
Remote checking for a security license opens a security hole for the application, and also can be defeated relatively easy.
Putting in code that “self destructs” if some action or code is not removed is also not great practice.
Licensed software is a little bit different in this regard. It sounds like you’re building a bespoke system that you will simply hand over to the client at the end. If that’s the case, putting in mechanisms to disable that system that only you control is not a great way to build trust. They may be violating trust if they fail to pay, but your disabling of the website actually gives them an additional incentive NOT to pay you, and consider you as a programmer willing to put in a Trojan Horse into the code.
The real problem to solve here is not in code, but in project management. A social not a programming problem.
This is a hard problem, and a great one for StackOverflow. I wish you well in sorting it out.