I figured I'd start a new thread for this. Occasionally people mention the still under-development WHSuite in other threads, where the exact things said will get lost. It would be against the rules of WHT for the developers of WHSuite to start their own thread. But I can't see why I can't.
So there's a new billing / support platform currently under development. Website is whsuite.com. Advertised schedule is currently to take pre-orders Jan / Feb then release an Alpha soon after that.
Here's the purpose of the thread: Let's help the developers - what would you like to see in a new billing and support product?
I'll start: In the interests of security, I'd like to see no encrypted files. Everything is readable by anyone. Security by obscurity doesn't work. Also, I'm weary of the lag between PHP releasing a new version and ioncube catching up with their loader (still waiting for 5.5 support, and it's not the first time - but let's not get sidetracked by going there)
Or, if the authors feel the need to protect their licensing infrastructure with ioncube, I'd like to see (i) the only file encoded is the one file that is required for that; (ii) the authors have appointed a well-respected programmer to audit and inspect that file, that programmer being willing to put their name and reputation behind the audit (an NDA would be expected for them); (iii) that auditor confirms that the file does nothing other than verify the license, and does not admit any security risks in the process; (iv) the MD5 file of that file is logged, and any changes to it are accompanied by a fresh independent examination.
Just a quick comment RE encoding. Our plan is to have a single file encoded for licensing. This file will be unique to each WHSuite client and will basically contain the license logic. The base file will be audited, however given all it will be doing is a periodic call to a license server, without and database access, shouldn't pose too much of a problem when it comes to security.
In an ideal world we'd not bother doing a license check, but not doing so makes it near impossible to allow reseller licenses and such as there would be little to no way of stopping piracy. Whilst encoding one file obviously won't stop people determined to pirate the product, it should stop the small timers from doing it.
We're still looking at, and are open to ways of getting around this though. If we can come up with a reliable way of licensing the product, without having to encode a file, we'd love to do it. However we need to be able to allow resellers, license distributors, etc to correctly issue licenses.
WHSuite - Billing, Automation and Client Management Software.