Controlling who can run an executable
chrisgarland67 at hotmail.com
Tue Oct 4 12:49:50 CEST 2005
Paul Rubin wrote:
> "Cigar" <chrisgarland67 at hotmail.com> writes:
> > Now that I'm three months into the development of this program, my
> > client tells me she would like to protect her investment by preventing
> > her employees from doing the same to her. (Going to the competition
> > and using her program.)
> Exactly what is the threat here?
I think the BIGGEST threat here is a feeling of vulnerablity. She now
realizes that she is in a position that her competition was many years
ago when she came into possesion of program the 'other side' was using
and that she is now vulnerable. She wants to feel safe in the
knowledge that she didn't reach into her pocket and pay thousands of
dollars for a program that now could now be used by her competition.
Nobody wants to pay money to level the playing field for all in a
> Misuse of confidential data, or
It's just a collection of names, addresses, phone numbers, birthdays
and drivers licences/health cards. I can think of a few dishonest
things that could be done with this but her competition has the
basically the same clients.
> just the code itself?
> Does the code do anything that fantastic?
Not by my standards but it is slowly replacing a paper system. (Police
officer shows up and says 'We've just arrested John Smith. Has he sold
you anything in the last 90 days. The client says 'Just a minute' and
reaches for a set of 4" d-ring binders and turns hundreds of pages
looking for a Smith name...) My client is relived that this senario
will soon disappear.
> Did the employees sign NDA's? Usually this kind of thing is taken care of by
> legal agreements.
Good question! I'm pretty sure not but that's something I could
suggest to her.
> What is the competitor going to do with this code even if they get it?
Simplify their lives. See above.
> It's just keeping track of transactions and stuff, right?
You are correct sir.
> It's being
> tailored to one person's specific preferences and requirements, and
> the competitor's needs will be different and they may as well just use
> something generic.
Not really. The client just wants to track people and what they buy,
sell or put on buyback. Their competitions needs are the same.
> Also, is there an office network? Maybe you could run the program on
> a server that most employees wouldn't have access to. They'd use it
> through some limited client program or through a web browser.
A network exists but the client insists on a standalone PC.
More information about the Python-list