5 Replies Latest reply on Oct 21, 2008 6:52 AM by Linux Rules

    Securing access to WebHelp output

    RoboColum(n) Level 5
      I am after some advice from those with experience on securing access to Webhelp ouptut. What we want is to control user access to the server to only those with the product installed - a Marketing decision designed to protect our intellectual property. However each product has a different installation method. Some use an install shield that can be run by anyone whilst others use a script run by one of our product consultants.

      I know whatever we do will have to be on the application side but I want to suggest that whatever approach is used is as generic as possible. My current thinking is that the webhelp output would be locked down and that each product install would include read access rights to the help. This could be added to any install script and also any install shield. Obviously we would have to make our users aware via the install docs about the access changes.

      Does this sound like a good approach or is there a better way of achieving the same thing?
        • 1. Re: Securing access to WebHelp output
          MergeThis Level 4
          Colum, as to enforcing any type of lockdown to "protect our intellectual property," I'm afraid the genie has long been out of the bottle. The HTML protocol actually encourages the opposite, doesn't it?

          I'm thinking that your app would need to be set up for customers' admin folks to assign user privs as needed. You might get others to chime in with different solutions, however.


          Good luck,
          Leon
          • 2. Re: Securing access to WebHelp output
            RoboColum(n) Level 5
            Thanks for this input Leon. I'd agree with you and Peter (who also chimed in earlier). I think this is an utterly useless exercise and have said so but the idea prevails. If others have any input I'd like to hear from you.
            • 3. Re: Securing access to WebHelp output
              Linux Rules Level 2
              Hello Colum -

              You already answered your marketing dept. question: "What we want is to control user access to the server to only those with the product installed..."

              Access control at the server level (numerous products to do that).

              However, once logged in the displayed html files are no longer "safe" - why doesn't your marketing department trust your paying customers?

              Regards,
              GEWB
              • 4. Re: Securing access to WebHelp output
                RoboColum(n) Level 5
                It's our competitors they are thinking of. Personally I think that if a competitor wants to see what our software does they just need to visit one of our stalls at a sales convention or visit our website. Accessing the help would provide further detail of what we do but they'd still have to code the darn application.

                Thanks very much for all the replies. It has backed up what I originally thought, but which I won't repeat here in case there is someone of a nervous disposition.
                • 5. Securing access to WebHelp output
                  Linux Rules Level 2
                  Hello Colum -

                  Got to love those marketing types - hide what we make so no one can copy it.

                  I remember the dBase / Lotus 123 / etc days...those protection schemes lasted no more than a couple days on my workstation. 8^)

                  Regards,
                  GEWB