Hi there!

I would like to request your opinion and advice on the most suitable format to release a CMS. I am the developer of Anderseno CMS, which has an official website and demo version available.

The installation of this CMS on HTML sites is straightforward as you only need to copy the files into a directory without any further editing or modifications required. However, a significant hurdle is that the source code requires encryption using ZEND for copy protection. Unfortunately, certain hosting sites may not support this encryption, even with the library installed, which makes it challenging for approximately 80% of our customers to install the CMS. The price of the license is only 1000 rubles.

To address this challenge, I have three potential solutions, and I would appreciate your advice on which one would be best:

1. Implement all editing and logic on the server, keep only executable files with a key from the client.

2. Release the CMS's open-source code and hope that it will not be copied or used without permission.

3. Provide the CMS for free, promote the brand, and make a profit from the sale of other products, such as demo-last.anderseno.ru/admin. However, code protection remains a concern.

What do you suggest?

P.S. I believe that hiding the code enhances the script's security since nobody knows what is inside.

I understood the first method correctly, and any of the three suggested methods seem valid. However, there are some nuances to keep in mind. The first method is unlikely to succeed because it requires payment.

The second method may not generate any income and will also not take off due to being paid. The third method is not likely to succeed because there is already too much free competition. Even if it does succeed, it may bring more problems than benefits. Despite this, I am leaning towards option 3 and would attempt to sell tech support as it has some potential for success.

However, it is a mistake to assume that hidden code increases reliability and security. It is similar to believing that an encryption algorithm unknown to attackers increases the cipher's reliability, which often leads to disastrous results for the defender.

ZEND is good, but in my opinion, a control panel should be installed on the user's server and the engine should be placed on the user's host with a unique key that verifies authorization. Users can update the panel and view the changes on the generated demo before clicking "Save." If the key is authorized, the changes are applied.

If there are any errors, the user will receive an alert with possible causes and solutions. A modal should appear after the changes are saved to prevent confusion. It should display a progress bar with the word "Saved." The engine should return a response of 1 or 0 to indicate success or failure, respectively.

Is there a reason why the cms cannot be entirely on zend? If there are concerns about security, why not avoid hosting it on your own server?

I am skeptical that your cms is any different than others available online. I have more ideas, but I prefer not to share them due to paranoia.

If I were you, I would consider making the service free for non-commercial use. This is because younger users and those who order websites on behalf of others are unlikely to pay. Additionally, it's important to have a system in place that can handle the sudden departure of an administrator without causing permanent damage to the server. To do this, it may be better to create a landing page constructor with a pseudo-admin panel where the template, content, scripts, and media files are stored on the client's hosting.

The admin panel would be loaded from your server, and the client's ability to change the design could be restricted. You could offer a free version with your own URL and advertising, as well as a paid version with a clean admin panel hosted on the client's URL. As a developer, I would want to have the option to work independently of your service and make changes to the site's source files or move it to a CMS.

However, if I wanted to give the client access or use your designer, I would pay for a license. If I granted access but didn't pay, the client would see your advertisement in the admin panel. Ultimately, it's up to you to decide what services to offer clients such as payment, site transfer, support, or something else.

I would suggest the following approach:

1. Implement all editing and logic on the server, keeping only executable files with a key from the client:
By centralizing the editing and logic on the server, you can maintain stricter control over the core functionality of the CMS. However, the challenge lies in ensuring that the executable files can function seamlessly on the client side. It's crucial to design this system in a way that strikes a balance between server-side control and client-side execution to provide a smooth user experience. Additionally, you'll need to implement robust security measures to protect the key and prevent unauthorized access to the executable files.

2. Release the CMS as open-source and rely on licensing and usage agreements:
Choosing to release the CMS as open-source comes with its own set of considerations. While this approach promotes transparency and fosters community collaboration, it also introduces the risk of unauthorized distribution and usage. To mitigate these risks, you can implement strong licensing agreements that clearly outline the terms and conditions of use. Digital rights management (DRM) features can also be incorporated to track and manage authorized usage, providing an extra layer of protection for your intellectual property.

3. Provide the CMS for free and generate revenue from complementary products and services:
Offering the CMS for free presents an opportunity to promote your brand and attract a wider user base. However, the challenge remains in monetizing this approach effectively. To achieve sustainable revenue, you can consider implementing a freemium model, where the basic CMS is available at no cost, but enhanced features, customization options, and premium support services are offered as paid upgrades. This can help drive revenue while still allowing users to access the core CMS for free.

A hybrid approach that incorporates elements of each potential solution may be the most viable option. By centralizing critical logic on the server, implementing robust licensing agreements, and offering a freemium model for additional products and services, you can strengthen the security of your CMS while ensuring accessibility and customer satisfaction. This comprehensive strategy can help safeguard your intellectual property while nurturing a sustainable business model.

User-friendly Interface: Ensure the CMS has an intuitive and user-friendly interface that allows users to easily navigate and manage website content.

Content Editing Tools: Include tools for editing text, adding images, videos, and other multimedia content, and formatting content without needing to understand HTML coding.

Template Customization: Offer the ability to customize website templates or themes to maintain brand consistency and adapt to changing design trends.

SEO Optimization: Incorporate features for optimizing website content for search engines, such as meta tags, keywords, and customizable URLs.

Responsive Design: Ensure the CMS and website templates are responsive, allowing content to adapt seamlessly to different screen sizes and devices.

Content Versioning: Implement version control to track changes made to content, allowing users to revert to previous versions if needed.