EA Protection: How Not to Lose Your Custom Robots/Indicators to Hackers
How would you feel when you have worked hard to develop a strategy, paid a programmer some good money to code the strategy into a robot or trading algorithm software, then put it up for sale hoping to make some good money from it, only for you to see the same product you toiled so hard to create, made available on many file-sharing sites for a fraction of the cost or for free? It is a really horrible feeling.
However, you need not panic. With a little bit forward planning, a few crucial steps will preserve your intellectual property and help you make the money you should be making from your product.
The basic protection level available for EA protection is to implement a script into the code that permits only approved accounts to be able to run the EA. In other words, if a trader's account number is 134567, the programmer will use the coding language of the platform of the broker where the trader has this account, and input a script line that stipulates that the EA will only work on account number 134567. Attempting to use this EA on another account will not be successful as an error message will be received. There are disadvantages to this method of protection however. A trader may have more than one account with different brokers, and this means that all accounts have to be coded into the script. If the EA is for commercial use, the logistics of adding and removing accounts in the coding is cumbersome and expensive. What's more, the source code is unprotected and can be reverse engineered by decompilers.
The intermediate protection consists of the addition of one or two elements to the basic protection. These are addition of expiration times to the EA, which can be sold to end-users on a subscription basis, or by addition of a Dynamic Linked Library (DLL) file. A DLL is a file extension that can contain data, code or a resource in various combinations. DLL files themselves are not entirely fool-proof as they possess a vulnerability that allows the file to be hijacked. A DLL file protects the EA from decompilation. Several layers of protection can be added to the DLL file to increase its security.
The advanced protection option consists of creating a Master-Slave EA file, with the option of adding DLL protection and php authentication in various degrees. A combination of all three is the most secure advanced protection for your EA.
How do these options work?
a) The Master EA is created and put on a secure virtual private server (VPS). The Master EA contains the source code. The Slave EA is also coded, without the source code and made to point towards the master EA on the server. The slave EA is handed over to the client. Signals are sent from the master EA to the slave EA for trade execution.
b) DLL protection can be added to the master EA to block attempts from decompilers that may try to attack the master EA at the server level. Do not forget that some “buyers” may actually be hackers who can trace the server where the master EA is hosted from the slave EA and direct their hacking attempts there.
c) a PHP authentication system exists where clients who buy the slave EA are put into a MySQL database from where users can be added or deleted. A further level of protection can pin down the user to a specific IP address. Not only will usage outside the authroized IP address be blocked, but with this authentication, there is no way a hacker can gain access to the source code in the master EA.
If you have an EA that you intend to sell, you should invest in one or more of these protection methods. They will save you money in lost revenue down the road.