Is it possible to register and protect XML files that work inside of another program? I do not own the program but I do own the data that works inside the program. This data is stored in a separate folder and is XML files.
This is a new application for me and I am struggling to find a way to have a registration process to limit the files to the user who has made the purchase. Does anyone have some advice to where I can go and have this accomplished?
Much thanks in advance for your thoughts and suggestions.
I have to work with XML files and have some limited knowledge of them. Hopefully someone with more depth on this will chime in.
As far as I know XML files are just text files with a rigid format. I don’t know how you would limit their use without having them translated from other format that has security built into it.
Excel worksheets are actually a collection of zipped (compressed together) XML files which are interpreted and displayed by the Excel program.
That is an example of an application where the application itself guards the xml files (password enabled)
So if the program you are using to interpret your XML files had password protection with the ability to encrypt your files it would work out for you.
Without your host program’s cooperation though I don’t know how you could do it.
Do you want to protect it technically or legally? IANAL, but if the data can be considered an original work then it can be copyrighted. For technical protection you’ll need to look to encryption.
BubbaDog has it pretty much covered. There are frameworks that exist to cope with this issue, but in the end, the hosting program needs to provide a way to hook into the protection framework, or provide one itself. Even then the protection afforded is only good up to a point.
Eventually your data - no matter what you encode it in, be it XML or just a bunch of bytes, must exist in the clear in program memory. Any reasonably sophisticated user can fish it out from there. At best all you can do is place speed bumps in the way. The terms of licensing your data can also include explicit prohibition against decryption or technical attack, which might provide additional leverage if you need to take action against a customer, but otherwise provide zero actual help.
The usual trick is to encrypt your data, and for the using program to internally decrypt it with a set of keys. One key typically lives in a license file, and another is embedded in the program itself. Trouble is, is that the user still actually has possession of the keys, it is just that one of them will require reverse engineering it out of the program. So again, this is a speed hump, and the DCMA might provide you with some legal protection, as it is illegal, not just a breach of contract, to break it. But not much more.
In a previous life I worked for a company that marketed a major program written in Python. Compiled Python is trivially de-compiled from the target byte-code. So efforts were made to use a facility that bootstrapped the program into existence, whereby the main code was encrypted whilst in the file system, but decrypted into memory to actually run. Again, this a technical speed-hump. But the DCMA makes fishing the code back out illegal.
Technically you could provide a programme that creates a RAM file system that is protected in such a manner that only the running program is afforded access to it, and on demand decrypt the XML files into this file system, killing it when the user program terminates. You may need to wrap control of execution of the user program up so that it is also under the control of the decryption manager. Even this is reasonably easily circumventable - but doing so can be seen to violate your licence agreement and also the DCMA. That is about as good as you will get I fear. At least with the current computer ISA designs and operating systems.
I didn’t have any time to consider this today, but I think you should look to the app provider for solutions. One thing to determine is if the XML needs to be in a local file. If it can be remotely accessed there are a variety of means to secure access to a remote server that might work with this app. But the app is going to be the limiting factor here.
And don’t forget that if the app is making the data visible then anyone who really wants to steal it can find a way to scrape it out of there.
Also, think in different directions, maybe this data is a way sell something else to the users that you can control. Like the drug pushers on after school specials you could give them a taste for free and hook them on a continuing source of revenue.
My suggestion about a RAM file system doesn’t need their help - but is messy and more a symbolic than technically solid idea.
I’m assuming this is a Windows based system. Under Unix variants it would be possible to write a server program that appeared as a socket that vomited the file contents up when needed. The socket can be made to appear as a file to the client program. I have not looked at Windows in detail to know if a similar feature is supported by the OS. The ability to embed everything into the file system and have it behave as a file was one of the key really important defining ideas of Unix.
You are most certainly not the first person with this problem.
I am sure I am not, and YES it is Windows based. I knew it was a long shot, but I was hoping that someone here might have solved the problem.
It is two issues. I own the data that works inside another program, and it is XML files. I have talked with 5 or 6 companies that are in the business of registering software and they all work with executable files. I can convert this to exe files, but don’t want to spend the time to do it.
Everyone else I work with gives me the tools to do this, or control it themselves.