JayBird61
Posts: 2
Joined: Fri Nov 15, 2019 5:58 pm

Maybe a Dumb Question, But How Can I Lock Down an App?

Fri Nov 15, 2019 9:12 pm

Hi all - My very first post as I am new to Pi Land. I am thinking of using a couple of Pi 4's configured as LAMPs to run a small frontend to kitchen PHP site.There will be a maximum of approximately 12 tablets or touchscreen monitors for user interfaces. Users in the frontend will 'build' orders and submit them to the kitchen for preparation. There will be no product pricing needed in the app.

After each order is created in the frontend it will be stored in a MySQL database, a little printer will print an order number for the customer, and the order will then be displayed on one of the tablets or touchscreen monitors in the kitchen. Now some questions:

1) Is there a relatively easy way to lock down the code or the hardware (maybe with a USB key, etc.) to prevent this app from being copied (stolen) off of the Pi?

2) Would a single Pi 4 Model B have enough oomph (I know, right? ;) ) to run this system?

3) If the answer to 1 is 'yes' what are the gotchas I should lookout for in this system?

Thanks in advance, and I hope to have a Pi 4 B soon to begin some testing. Living in Iceland makes obtaining one both a little harder, and a lot more expensive.

W. H. Heydt
Posts: 11247
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Maybe a Dumb Question, But How Can I Lock Down an App?

Sat Nov 16, 2019 2:03 am

JayBird61 wrote:
Fri Nov 15, 2019 9:12 pm
1) Is there a relatively easy way to lock down the code or the hardware (maybe with a USB key, etc.) to prevent this app from being copied (stolen) off of the Pi?
Short answer: No.

Longer answer: So long as the person wanting to take your program has physical access to the Pi, there is virtually nothing you can do to prevent them from just taking the whole system. You can just not put the source code on the Pi (assuming you aren't using an interpreted language). You can use a different user for using the system than the user that owns (in the Linux sense) the source and object code and then only give the account that simply uses it execute permission (and neither read nor write permission).
2) Would a single Pi 4 Model B have enough oomph (I know, right? ;) ) to run this system?
It certainly should.

User avatar
rpdom
Posts: 15868
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Maybe a Dumb Question, But How Can I Lock Down an App?

Sat Nov 16, 2019 5:50 am

W. H. Heydt wrote:
Sat Nov 16, 2019 2:03 am
You can just not put the source code on the Pi (assuming you aren't using an interpreted language).
Well...
JayBird61 wrote:
Fri Nov 15, 2019 9:12 pm
to run a small frontend to kitchen PHP site.
pretty much implies an interpreted language.

JayBird61
Posts: 2
Joined: Fri Nov 15, 2019 5:58 pm

Re: Maybe a Dumb Question, But How Can I Lock Down an App?

Tue Nov 19, 2019 10:54 am

Thanks W. H. Heydt and rpdom for your prompt replies. I did not receive notification that my post had been approved, nor did I receive any notification of your replies. Good thing I decided to check! :)

So maybe my first post did not go quite as planned. My main concern was with the capability of the Pi 4, which sounds as if this will not be an issue. The other issue might not be that difficult, as the folks at ionCube told me their Cerberus product can lock encrypted code to a MAC address. That should cover that. While the Pi could be stolen, they would still not be able to access any unencrypted code.

PiGraham
Posts: 3678
Joined: Fri Jun 07, 2013 12:37 pm
Location: Waterlooville

Re: Maybe a Dumb Question, But How Can I Lock Down an App?

Tue Nov 19, 2019 11:11 am

JayBird61 wrote:
Tue Nov 19, 2019 10:54 am
Thanks W. H. Heydt and rpdom for your prompt replies. I did not receive notification that my post had been approved, nor did I receive any notification of your replies. Good thing I decided to check! :)

So maybe my first post did not go quite as planned. My main concern was with the capability of the Pi 4, which sounds as if this will not be an issue. The other issue might not be that difficult, as the folks at ionCube told me their Cerberus product can lock encrypted code to a MAC address. That should cover that. While the Pi could be stolen, they would still not be able to access any unencrypted code.
Bad news.
The SD cars could be duplicated and used in another Pi to make clones of your system.
AFAIK MAC address is not burned into the hardware, it's on the SD card and can be set via the boot commandline.
The recent post below seems to confirm it's not immutable.
Guff666 wrote:
Fri Nov 15, 2019 9:53 am
I got to the bottom of the problem. My installation, (and I think, buster by default) had network-manager installed. Network-manager gets the IP address instead of dhcpcd and network-manager can be set to randomise the MAC address when it boots. This is a security “feature”, but it obviously screws with statically-allocated IP addresses.
The documentation is confusing about how to stop this behaviour (it’s not supposed to be the default anyway). My solution was to simply remove network-manager.

Return to “Beginners”