What you’re asking about is unethical. Even if you don’t get paid, it’s unethical, and probably illegal if they own the server.
Never deliver a product without receiving compensation. Half-down before you start, remainder when they approve the project. Only after approval does it go on their servers. Set up your own servers for them to review, or build in the cost of a VPS from linode.com into the contract so you can stage their stuff. There are lots of options.
In business, people will try to take advantage of you if you let them. If you’ve done all the work and the client has the end results, why should he pay you?
I feel this approach is pointless. A client can always mine your code and remove your 'self
desctruct' sequence. Anyone who is out to screw a developer is going to be on guard (paranoid)
because they know their days are numbered.
I think that relying on the application to be able to delete itself is
too dependant on things that you don't have any control over (file
ownership/permissions being the key here). I'm also leery of the
legal aspects of deleting something (even if it is stolen software) on
someone else's machines.
If you are intent on being able to "turn off" your code there are two
things that jump out at me right away...
1) Add some kind of "software key" to your application... it could be
a table with "authorization" and "expiration" columns, or a file in
config/ or something like that. Check for that somehow (before_filter
on all/key controllers?) and if the authorization has expired,
redirect to a "Your licence to use reallycoolwebapp 2.0 has expired"
When they pay in full you can either grant a licence that never
expires, or just turn off the licence check totally.
2) Add some kind of "call home" mechanism to the application, so that
on a regular basis the app checks with you to make sure it can still
be run. You maintain a webserver that chucks out an XML file (or
something) that grants the app permission to continue running. If the
client refuses to pay, you revoke the licence on your end, and
reallycoolwebapp 2.0 is turned off for them.
As a non-compiled language, anything you try to do risks being found/
disabled by the client. #2 might be slightly more resilient to that,
but I would imagine that someone could just turn off the entire
checking mechanism without too much work. You could try hiding it in
your own plugin, that might make it a little more obscure. However
doing #2 requires that you keep that server up forever...
If I were to do either of the above options (or anything else like
this)
The majority of the responses (including yours) seem to say "it is not worth doing since the client
can get around it". I dont see how that is not a valid answer...