It boils down to a couple of things:
1) Do they have access to the source?
2) Are you under contractual obligation to give them source?
If either answer is, "yes", then I'd finish the project, get
paid, and chalk this one up to experience. If both answers are, "no",
you may be able to keep exclusive rights to the source.
It's a very sticky situation but it happens all the time. You
probably wrote the app with the intent that it would be implemented only
by the contracting entity and that you may be brought in for maintenance,
support, etc. You probably priced the job based on this presumed usage
and the assumption that you would still have control of the source.
You probably didn't expect the consultant to turn around and try to
create a resale product based on your work without any compensation or
credit. If you knew the work would have 2 million users or that it would
be repackaged and sold, you would have asked for more money or to be brought
on as the lead developer at the company. Strictly speaking, the consultancy
is
more than likely within the letter of the law. Morally/Ethically
I would say that you are in the right. If you create something
with immediate value then you should be duly compensated. This
shows I'm not a real businessman because if I were I'd be thinking,
"Hey, I got a great deal on this app because the developer was
naive and now I can make a lot of money reselling it. Check out my ROI!"
As for the various encryption/obfuscation techniques that have been
discussed, they're all moot if you have to turn over the source.
If source is NOT required you can encrypt the source files using cfcrypt
and disallow any access to the plain text versions. As has been mentioned,
it is rather trivial to decrypt files that have been encrypted using
cfcrypt, by using cfdecrypt :) If you do encrypt the files, which I would
do on the production code anyway, I would include in each file a blurb
stating something like, "Decryption is not allowed and constitutes a
violation blah, blah, blah. Copyright ME 2000." This is not a binding
agreement but, if you catch someone using your previously encrypted code
you'll have more of a leg to stand on.
A last resort, assuming the consultancy can use the code but doesn't
exclusively own it, is to make the app OSS (Open Source Software) so that
anyone can d/l it for free with the source. What this really accomplishes,
besides public edification, is to prevent the consultancy from making the
code
proprietary to them. Right now it's proprietary to you :) Once the source is
out
there's nothing to stop anyone from repackaging it and selling it in a
compiled or encrypted format as their own.
[NOTE] I support the idea of OSS. I mention it as a "last resort" in the
context
of "methods to prevent someone else from using your source in a proprietary
way".
Once the source is out there's nothing to stop anyone from repackaging
it and selling it in a compiled or encrypted format as their own but, your
open
source will allow others to learn, find bugs, improve upon, and possibly
create an alternative to the proprietary version being sold by your
arch-nemisis ;)
Steve
P.S. Make sure the server(s) hosting this app are locked down and have the
appropriate service packs, hot fixes, and system tweaks in place to prevent
someone from viewing the CF source via a web browser, a la the "::DATA" and
"+.htr" bugs. Wouldn't ya' feel dumb then? :)
At 02:00 PM 8/29/00 -0400, you wrote:
>Here is my situation in more detail, and I know I'm not alone. I saw a
>thread similar to this topic dealing from a legal stand point. early
>this year.
>
>I was sub-contracted by a consulting company to write a test web app for
>one specific client of theirs. The program is custom written for that
>specific client and parts would have to be rewritten to work into a
>general setting.
>
>Over the course of development they have really begun to see potential
>in the project and are seeing dollar signs. It was mentioned in the
>consulting firms big meeting that they were thinking of downloading the
>CF code and even the databases, repackage/rewrite it into a marketable
>fashion and resell it.
>
>My concern is, how secure is the ColdFusion code and database structure
>from downloading? I would like any information on the legal rights of
>the different parties -- programmer, consultant, client, someone who
>downloads it. I realise you all aren't lawyers, but any info or opinions
>would help.
>
>Kelly Olson
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
