SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    product activation ?

    dont laugh.

    trying to work out a reasonably reliable `product activation` routine for an app that will live on win32 boxes.

    I will have apache/php/mysql/gtk installed and available on client machine , the script itself is bcompile()[ed]r and includes a password/whatever in that script.

    then the installer could connect to an online DB and register that product (and allow only $x activations etc) , so far so good , biut how do I stop someone then just copying the app to another machine ? ... I can probably grab some machine specific info and store that somewhere and check if it exists each time the app is run but where ? and how do I stop peeps from finding that info etc /

    I have some ideas but thats all they are , any more are much appreciated.

  2. #2
    SitePoint Wizard gold trophysilver trophy
    Join Date
    Nov 2000
    Location
    Switzerland
    Posts
    2,479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Guess if you can grab the machine specific info then all you'd need to do is put the lot in a string, add some "key" which only you know and use md5() to one way hash it (course you really have to trust bcompiler). The app could update your central server over SOAP or XML-RPC, which is where you store the hash. To check an installation your app reproduces the hash then compares it with the one on the server. Only problem then is the app needs to contact your server every time it runs.

    An alternative is a two way hash stored in a file. The file can only be created on activation. When the app runs it reads the file and decrypts the hash and checks the system info is correct. The risk is someone breaks your hash.

    Just my guesses - not really sure how this problem is usually solved on Windows.

  3. #3
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cheers for the feedback Harry.

    (course you really have to trust bcompiler).
    very true !!

    I ended up for now grabbing some machine specific data , crypting it with $salt stored elsewhere within the app and on the activation server.
    Each time the app runs it has to check the hash (against local data) which is a pain but not enough to worry about.

    The local copy of the hash cant be written unless the activation server gives the ok during activation and the app wont install fully until this has occurred. (since there will be no SSL here this is the weakest link I can find)

    Should anyone copy the hash that I have to save somewhere (since my efforts at recompiling the install script on the fly were unsucsessful) , then they wont be able to use the product without either messing around with the registry changing machine specfic data (which would probably stuff up windoze anyway) , or trying to reactivate which won't work sine the online server will know the hash for this particular user.

    ... I think this will do for the scope of this app but I think we need a solution for this in general ? I can hide $salt data in the compiled code but this would have to be unique for each user/liscence , fine for small runs but not-so if the app had a larger audience ?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •