there are two or three secure ways, though none are absolutely secure, they
are quite annoying if you dont have the real keys...
Remember though that these are annoying and I as a customer hate programs
that do this. You'll also have to keep up with crackers and the lot... Which
means added development time and cost to you and the client. Finally, if it
goes wrong, make sure that as a developper the client signs an agreement
that he understands that nothing is 100% fool proof and that any loss of
data is not in your responsabilities..
So here's a few strategies:
- net authentification - encrypt a key based on the user's registration
number, send it to your authentification server on the internet and reply to
open the product to the client. Cons: requires a net connection.
- Scan the network for similar registration keys (the adobe, quark;
filemaker protection) - if the program sees another on the network with the
same key, quit!
- Save a hidden file in the C: disk or the startup disk or even the
program's folder or a hidden field in your stack with a signature of the
client and his PC. If the environment changes (it can and it will), make
sure the client can unlock it easily or self destroy the stack... But self
destruction is not recommended if it was the client changing PCs for
example... This is NOT a good strategy in the case that the client want's to
make a mirror running copy (a failover) to another PC...
- upgrade often (the microsoft strategy). Require the client to upgrade
every x months like a program functionality expiration... Annoying if you
are in a submarine or a jungle for a couple months.
- Deliver the program on a CD and require the CD to be in the drive to run
the program. CDs are copiable, so use a DVD instead... Read a semi random
bit on a very large file (larger than a normal cd of course) to verify that
it is the original DVD. Costlier... Very annoying... easy to bypass with
virtual drives.
- The best in my opinion is to have a key to be entered whenever the
environment changes. The key is based on a registration (incl. in the
software but different for each client) and the key is generated when the
client registers his product - annoying when you have to wait to get the
key - or requires a number to call, etc... (this is the OmniPage european
protection). The key could be time-sensitive and to be activated within the
day or week otherwise have to regenerate a new key - this is really brutal
for password crackers - the key could change every second!
- Dungles are hard to copy! But you'll have to make an external command to
read the dongle keys.
Speaking of encryption keys, PKs and algorithms, there's zillions on the net
and none are safe! It's also quite easier to just disassemble your program
and crack the key check handler in the program than to crack the key...
It's far easier to put a stiff price on the product and this will make it
harder for the owner to give a copy to a friend or colleague. But it will
deter less fortunate or career starting clients.
But that's just the tip of the iceberg. Double the cost of that particular
development if it's going to be cross platform too!
Good LUCK!!!
Xavier
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Monte Goulding
> Sent: Monday, September 25, 2000 12:35 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Licensing
>
>
> HI
>
> I have a possible client (my first one) that is very keen to secure the
> program I develop against illegal replication. I haven't found
> anything in
> metacard that helps me with this. Is there a computer id or
> something that
> can be accessed fom within metacard? What do other people do?
>
> Thanks to everyone who helped me with the ellipse thing. I have now found
> the equation for a superellipse and it suits my purposes perfectly. I can
> now find the coordinates of ellipses with different shaped curves.
>
> Also thanks to Xavier for the very simple method to determine whether the
> mouse is inside or outside the points of a polygon.
>
> Regards
> Monte Goulding
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
>
> Archives: http://www.mail-archive.com/metacard%40lists.best.com/
> Info: http://www.xworlds.com/metacard/mailinglist.htm
> Please send bug reports to <[EMAIL PROTECTED]>, not this list.
>
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
