Self destruct your application?

What you’re asking about is unethical. Even if you don’t get paid, it’s unethical, and probably illegal if they own the server.

Never deliver a product without receiving compensation. Half-down before you start, remainder when they approve the project. Only after approval does it go on their servers. Set up your own servers for them to review, or build in the cost of a VPS from into the contract so you can stage their stuff. There are lots of options.

In business, people will try to take advantage of you if you let them. If you’ve done all the work and the client has the end results, why should he pay you?

I feel this approach is pointless. A client can always mine your code and remove your 'self desctruct' sequence. Anyone who is out to screw a developer is going to be on guard (paranoid) because they know their days are numbered.

-- Long - Find your way - No-Cookie Session Support plugin

Oh for goodness sake, just answer the question...

I think that relying on the application to be able to delete itself is too dependant on things that you don't have any control over (file ownership/permissions being the key here). I'm also leery of the legal aspects of deleting something (even if it is stolen software) on someone else's machines.

If you are intent on being able to "turn off" your code there are two things that jump out at me right away...

1) Add some kind of "software key" to your application... it could be a table with "authorization" and "expiration" columns, or a file in config/ or something like that. Check for that somehow (before_filter on all/key controllers?) and if the authorization has expired, redirect to a "Your licence to use reallycoolwebapp 2.0 has expired" When they pay in full you can either grant a licence that never expires, or just turn off the licence check totally.

2) Add some kind of "call home" mechanism to the application, so that on a regular basis the app checks with you to make sure it can still be run. You maintain a webserver that chucks out an XML file (or something) that grants the app permission to continue running. If the client refuses to pay, you revoke the licence on your end, and reallycoolwebapp 2.0 is turned off for them.

As a non-compiled language, anything you try to do risks being found/ disabled by the client. #2 might be slightly more resilient to that, but I would imagine that someone could just turn off the entire checking mechanism without too much work. You could try hiding it in your own plugin, that might make it a little more obscure. However doing #2 requires that you keep that server up forever...

If I were to do either of the above options (or anything else like this)

:~) I love it!

When you get it figured out, will you release it as a plugin?

The majority of the responses (including yours) seem to say "it is not worth doing since the client can get around it". I dont see how that is not a valid answer...

-- Long