My boss asked me if I could encrypt all of our customizations for a specific client, fearing that the solution we created might fall into one of our competitor’s hands. He wants to keep the solution we created to be uniquely ours.
Is it possible though? To encrypt customizations? If yes, then how?
You can encrypt Solution files when building them, but they’ll be decrypted and stored unencrypted when deployed to the client.
Hypothetically, you could move all the proprietary logic to DLL files and call those into customisations and BPMs, and protect the DLLs themselves. I don’t know if there are any other options.
I have to say I think even attempting to obscure your work is an incredibly bad idea, though. For the client, nothing works better and there’s a whole load of downside, which means they might well think twice about ever working with your company again.
I will agree with @dhewi, they are paying for the solution all of it, what they do with it is up to them. Encrypting or obfuscating the solution for a competitive “advantage” (or any reason really) is pretty shady.
I agree with dhewi and jose. Don’t do it. The proper way to protect the code is legally, with a license agreement.
My first thought was about the terms of how it was created, as to whether hiding the code would be appropriate.
I have always thought that if I purchase a “solution”, then I’m buying the rights to use it and therefore code is owned by develop and can be obscured to the end user.
If I pay somebody on a time and materials basis to create some custom code, then I would expect to have access to it. If the develop wants to then sell the same solution to another customer, should there be permission sought from the original client and/or some revneue share, other benefit?
I want to add my opinion about this. Epicor CSG does this – obfuscates their code and digitally signs their DLLs.
Something called EFT which literally could be done in a SQL stored procedure to extract data to a text file, Epicor CSG deliberately put in a DLL file. Each upgrade requires them to re-compile this single DLL which literally would take 10 minutes to do. Instead it has to “go into our queue and could take 6 - 8 weeks to be completed”.
Needless to say, the Client will deal with this non-sense right now to get through the Upgrade but its been such a horrible experience that they have already said they will never use CSG again.
That being said, I am agreeing with the others – the Customer is paying for a solution not the “rights” to use something. Add a premium if you need to do it, but they should have the full solution including the source.
I’ve seen my customizations many times running around in the wild. Some were even items I built on my own time while self-employed.
I know what customer had it, which Consultant did it, and what Partner profited by it. In the end, its a community. If I wanted to start something legal, it would cost me more that anything I “lost” (meaning didn’t earn, nor would have). It also would make me one of “those” guys. I’m proud that I did a good job and it was worth more than I knew.
Would I have liked to get compensated? Yes.
Would it have been nice if the changed more in the code than just removing my name? Sure.
But obviously, I’m here, on this site, helping for free anyway. 
Enjoy life and what you do, let others worry about themselves 
Technically speaking, you’re not doing it for free. That Patreon badge says that you’re actually paying to give away the code you share. 
Here’s another idea, embed a license in the BAQ or customization as commented lines.
/* LICENSE HERE */
If you find your exact code out there floating around minus the license terms and attribution, a lawsuit would be simple, short and sweet. And if you spent the time creating it, don’t worry about being THAT guy by initiating the lawsuit. It’s better to be THAT guy than to be known as the one who is easily pushed around and easily stolen from. That said, if there are not ANY terms or license embedded in the customization, well, then yeah it is free for anyone to copy or even resell and you have no recourse.
That could get messy though - if you’re an end user and another consultant “installs” this solution for you minus the License text, is it the end user who is 100% unaware of the origin of the source code that you go after?
I’m not a lawyer but it seems the liability would fall 100% on the person who committed the violation: the one who removed the license text and copied the code, not the end user who probably would never see it or even know that it exists. It would be the consultant who is breaching the license, not the end user.
I think you have to rely on Karma.
I have developed quite a few dashboards, checklists, and even Smartsheets that can be copied and handed out.
I agree with Jason - I move on and do the best that I can with the customers that want my help.
So @aamerabuarja, did you show this thread to your boss yet? I’m curious what he has to say about it now.
And if that consultant “found” it on GitHub or the likes …
I can’t speak for anyone else as a developer, but I suspect I for one overestimate the value and uniqueness of what I’ve created. If it wasn’t mine that somebody was using they’d get something similar from somewhere that did the job and I’d see no benefit either way.
Then turning round and speaking as the client - because we do also use consultants - I would always rather hire the person or company who has a track record of solving problems similar to mine, so if I’ve seen related work of theirs out in the field then that speaks well of their capability and I’m interested in using them. In a way, it’s advertising that actually means something. I should imagine that anyone who helps out on these forums must think similarly otherwise they wouldn’t be doing it.
i think that you need to understand such situation in more depth, it is different world guys, there are no copyright laws or/and even consumer protection, the competition is harsh and everyone is trying to protect his living.
Guys, thank you all for the replies. I’ll take everything you said here into consideration.
@Banderson, yes, yes I did, and he is still not convinced. I might tell him about the solution provided by @aaronssh, about the license terms and that’s it.
When making a case for not enabling some form of encryption or authenticity checks, don’t forget remind them of the costs (both real and in customer satisfaction) when support is required for the decryption/authentication itself. Not the actual functionality the customization provides, but for when the encryption/authentication fails. And it will. The customer will change something on their network, update the O/S, etc…
Our CAD programs use various licensing techniques. The 3D modeling uses a system where seats are checked out via a license server. When that goes down, no one can use the program. Another just checks if its already in use and provides annoying pop-ups, but remains usable.
Ok here is my 2 cents…
We did have a consultant create some code for us. This code was charged a hefty sum. Meaning, if the consultant is charging X$ per hour for his work, well we paid it in full. The charge was not diminished by a percentage just in case it could be used by another customer… That other customer I am sure would have been charged as a new project…the same amount as us… 
What I mean is we paid in full this code, at a high market price, I would assume we own it. And thus can do what we want with it.
Actually, we found that is was not doing what we wanted… and so we created a replacement version in house…with some base from that consultant’s code !
Pierre