I am doing contract work for various clients and I was wondering how best to go about safeguarding myself against non-payment. The projects will be ASP.NET web applications, most likely intranet-based.
I don’t have any more details than that. I imagine that the client will want to run and test the applications from their side before making any payment. Is there any way I can “package” the application so that they can’t access the source code? Is there an easy way I can make the application break after a certain number of days unless it is “unlocked” by me?
3
Unless you install your ASP.NET application on hardware that you alone have admin on, no. An unscrupulous client can take it without paying, and pay some unscrupulous programmer to work around any trap you leave.
Include clauses in your contract allowing you to collect both interest and collection expenses if they fail to pay on time, and requiring that they destroy any software you provide if they reject the final product. The whole point of having a contract is for when things do not go as planned, and no amount of shenanigans in the program will let software do a contract’s job.
Of course, that said, the way to avoid the issue altogether is to host the development code yourself on something like Windows Azure, and only install it on their hardware after you’ve been paid for development. (Deployment and admin are separate functions that you can either not provide or bill separately for.)
Since your source needs to be on the web server and the server needs to read it, it’s pretty difficult to protect your code unless you alone control the server.
The client will want to see the product working but that doesn’t necessarily have to be on their server/network. If you can mock up the client’s environment (required databases, etc.) you can stand up a demo machine which demonstrates that the work has been completed and that there’s code to hand over in return for payment. (If you can’t do this, how are you effectively developing and test the application?)
That said, unless you have good reason to question the intentions of your client, it may be counter productive to be over protective. There are people out there who will try and screw you over, but if you’re dealing with a legitimate company and have agreements in writing you’ll usually be ok. If you’re co-operative and trusting the client will often reciprocate and it may result in more work in future.
1
Can you be more specific than just ASP?
Standard MVC ASP has all the models and controllers compiled, so the client just gets binaries and views. While it’s much easier to reverse engineer than say C, it’s still often more hassle than just paying the developer. And then you can program in whatever time limitation you want.
I’ve also always had luck by splitting work into smaller billable units. It’s much easier for a client to pay $1000 in 10 chunks, than $10000 all at once. Especially if they don’t get the next feature until they’ve paid. Worst case and they don’t pay, you’re only down 10% of the time, and because the client sees regular checkpointed progress they’ve happier (provided you do good work). Everyone wins.
So then you can give them the first bit of work to demo, then once that’s settled they get the next bit, and so on.
Is the intranet closed to the outside world? Otherwise you could you extract some components from the architecture and provide them as a service on an external server that you control, given that the architecture itself allows it.
Hire a good intellectual-property attorney to write you a good, solid contract. Then, take your “counselor’s” advice on how to use it properly. “Mind your P’s and Q’s.” Be sure to get signatures on everything.
Retain your attorney. They really don’t cost that much (and their fees are tax-deductible). One day you’ll be very glad you did. (Trust me on that one …) You’re an expert on computers. They’re experts on the law. Don’t go into business without one, because “they know what you don’t know(!) that you don’t know.”
Don’t bother with obfuscation or other attempts at copy-protection. Don’t worry about your customer refusing to pay you. That’s “material breach of contract,” and nobody wants to go there if it’s their signature on a contract and accompanying work-orders. Focus instead on doing the very best possible work for your client, then give him or her a stack of your business cards. Frankly, show them also that you trust them and are treating them with courtesy and respect. “Word gets around quickly,” and those business cards will quickly be handed out, because: professionals(!) can be very hard to find!