Posted by Justin Reynolds on April 21, 2009 at 09:20:45:
In Reply to: Re: Security posted by Jim Guerber on April 21, 2009 at 08:47:15:
speaking as an end-user (someone who gives you money through one of your resellers), it feels extremely wrong for the details of our license to be publicly available.
to be a devil's advocate:
i can now peruse all licenses, find competitors in our industry, and gauge how invested they are in comet (and our resellers') products. i can use this to loosely gauge how they're doing financially.
if i were a developer of a competing product (something that competes with our reseller's product), i now have a wonderful list of potential clients, and their level of need/interest, and a rough idea how much money they're spending (so that my competing product can undercut them).
if i were a developer of a competing product to comet itself, i now know all of your end-users, and a rough estimate of how much money they're spending for your product (so that i can undercut you).
if i were a seriously committed hacker, i now have plenty of examples of the encryption being used with your dongles, which i could use to reverse-engineer.
i agree that online distribution of licenses to your resellers is a good idea. i think the execution is severely flawed; these details should not be public. a simple password-protected folder on your web server would suffice.