As we all know, source codes as they are in their raw .cs form, can be copied, modfied and used by anyone. I would like to protect my source codes from being distributed and used freely as I work in a big organization. I am thinking of creating a library, and for the library to work properly, user has to key in a password in the editor when building.
I know about Managed Library, it does provide some sort of obfuscation, anyone know any idea if we can include the editor-password function? Any feedback and discussions are welcome.
This doesn’t make too much sense in my opinion.
If someone has the password, they will be able to extract the code. If it is their goal to distribute it, they will simply do it afterwards when they unlocked the password protection.
Technically there would be a huge hurdle to get something like that. For small developers definitely not worth the time to implement something like that.
True, that is the purpose of the password - it is known to only certain senior personnel who have the permission to make builds. Another reason for doing so is because our framework uses various paid plugins, and we would like to protect these plugins from being freely accesible when it is being copied and used unscrupulously.
What I mean is that you are not only encrypting the code. On the user’s machine, you will need to decrypt it. This has to happen at a certain point, otherwise the code can’t be executed. Even if you try to protect it, at a certain point, there will be managed code on the user’s computer, and that is when it can be stolen.
For awhile at my day job we had certain people who were and weren’t allowed to use workspaces with raw source code in them (as opposed to compiled libraries). Ultimately we scrapped it because it caused more headaches than it solved. If you have people in your organization that you can’t trust with your code then they shouldn’t be in your organization. You shouldn’t attempt to apply a technical solution to a personnel problem.
Thanks for the links to the other forums, it is a good read. However, I am not that concerned with compiled code… for now. It is the source that we are concerned. We have a large influx and efflux of interns that work on bits and pieces of various games, being interns, they come and go. We are planning to build new games based on this framework that we developed, with in app purchases and social functions powered by plugins bought from the store. So as you can see, anyone who is working on a game will have access, and subsequently, the ability to copy and use this framework personally. I hope this better illustrates our concern.
You can compile the code and get dll files. As you are not concerned about compiled code, that is the solution to your problem…
However, those dll files can first of all be decompiled very easily and secondly, you have to be careful that you don’t end up with missing monobehaviour messages all over the place when you update the dlls.
There is no way to protect your project from someone who has access to it. You could have some traps in your code that prevent people from running it outside of the editor or maybe make it impossible to create a build. However, there has to be a workaround for it, as you most likely plan to create a build at a certain point. That also means the trusted circle is allowed to create builds and if someone has to find any kind of issues that only appears in builds, you will have a very pleasant workflow to isolate those issues. Overcoming the trap has to be very simple and hence it is likely to be found relatively easily. Still, someone has to create and maintain it and has to spend time on it.
The concerns are justified, but there is no practical solution, unless you don’t give them access.
Work the other way. Why should interns have access to your main code base? Make the project modular and only give them access to the module they are working on.
But ultimately a HR and legal solution might be better.
If you’re that concerned about it then firewall dropbox and other filesharing sites, social media sites, internet email, and put a bios level block on USB hard drives. These are all not uncommon practices
Might I suggest that what you want isn’t a technical solution to the problem, but a legal one. Licenses and copyright are pretty well established methods for dealing with this scenario.