i am writing a commercial WPF application that needs to be copy-protected. since this is WPF, I am considering porting it to a Silverlight OOB application, if possible. one thing that i am not sure about is whether OOB application is easily "hackable" and can be manually copied to another machine without going to the web URL to download it from. are there any copy protection solutions for OOB applications?
please help thanks konstantin
I have not tried copying one, but I think if you have the .XAP file you would be able to run it on another computer (unless you built protection into the .XAP file)
If you go to this file location: c:\Users\UserName\AppData\Local\Microsoft\Silverlight\OutOfBrowser
You can see all the OOB apps installed. The shortcut on your menu is just using SLlauncher to open the .XAP file... hence I suspect it could be copied and installed (using SLlauncher) again.
I think you would need to built protection into your app...
"Copy Protection" is generally a complete misnomer. When you hand the 'bits' that comprise your application over to someone, technically speaking, there isn't anything you can do to prevent it from being copied.
What pretty much all 'copy protection' schemes actually do is make it difficult to use the application when it is copied. This can be done in a multitude of ways, including keying an application instance to a specific piece of hardware, or a user, or via tracking 'activations', or through SaaS (where any desktop application is useless without an attendant, online service subscription)
A more detailed answer is not possible without knowing more about how your application works. Some types of applications by their very nature do not need traditional copy protection at all (such as those tied tightly to online subscriptions), and others are very difficult to protect.
But to perhaps answer one of your questions; a Silverlight OOB app isn't any 'safer' than one in the browser. Actually, it might be ever so slightly less safe from being easily copied.
You cannot prevent people copying or hacking your app, you can only make it difficult for them. You also have to balance your interests (the security of your app and receiving cash for it) against the user's interests (being able to use the app in a simple way without copy protection annoyances getting in their way).
You can secure access to your webservices using logins, machine level certificates, etc., but that is alo not a complete solution. A vast majority of users will not have the expertise to copy your app to another machine, especially if you are doing things like placing encrypted registration keys in the registry (you could use some of the machine's information as part of the encryption). But you will never stop the dedicated people who do have the expertise.
If your app is awesome enough and priced at the right point then people won't mind paying for it.
