hi!
palm-dev-forum: this mail is being posted ONLY once, since it
is not a 'direct' palmos posting, please dont
send replies to this message to the forum. It
is an issue for developers, hence it has been
sent here.
Kenny, Andrew.. i am sending this to BOTH of you now, so
i dont show any bias towards PGHQ or PalmCentral when offering
my services to get something implemented that should have
been done a LONG time ago - and something which developers
have probably wished for a while.
BACKGROUND:
===========
Currently (as of 23-Aug-99), any real time fulfillments can
ONLY be done by a developer that uses a SERIAL number, or
issues seperate registered and shareware versions of their
software.
The problem with this is the issue of 'piracy'. Having no
method to ensure that the purchaser can only use the program
on thier OWN hardware is an issue when it comes to the
developer feeling secure about the distribution of his/her
software.
I personally use the 'HotSync UserID' of a palm user to
generate a registration code. This allows ONLY that user
to use the program with that specific registration code
(it means they cannot give a copy to their friends etc).
WHATS IN THE WORKS:
===================
PalmCentral and PGHQ working on an implementation of the
RegCode code generation system. This may help a lot
of developers, however it does not suit everyone (including
myself).
It is not wise to use a 'common' technique for registrations.
Hackers love cracking.. If all developers use the same technique
for registration schemes, then all a hacker needs to do is
identify a particular signature (byte codes) and then they
know exactly where to find the 'code generating' algorithm.
I personally use a custom system, which will NOT be compatable
with the RegCode implementation. Not everyone uses this
technique - so you only make a few developers happy (and
forcing people to use RegCode is not nice).
WHAT I PROPOSE:
===============
I have mentioned this to both PGHQ and PalmCentral, and ALSO
the palm-dev-forum mailing list - i got a few responses from
the developers, but not much from the 'commercial' side.
I have developed a Java based system for registration schemes.
Java = Platform Independant etc. etc. etc..
- see http://java.sun.com/ for marketing info and other
jargon.
But this is the theory:
a) developers write custom .class files which implement their
regcode algorithms.
+ they dont need to supply the source code to anyone
+ they can 'obfuscate' the classes, to prevent decompilation
by anyone.
- they need to know a LITTLE bit of Java
(well, C/C++ is good enough) - and since the majority of
people use C anyhow, this should not be a problem.
b) commercial distributers use the .class files during purchases,
executing them to generate a custom registration code from
the userID being given from the customer.
+ Java = secure
With the use of a Security Manager, the commercial distributer
can SAFELY execute the .class files on his/her server
+ Java = dynamic
You dont need to reboot your machine after you install a new
.class file - Java will load it dynamically.
- they need to store the .class files on their server
(which are very small anyhow)
They key behind all this is that the developer has to write a
Java class which implements the following Interface:
---
public interface Function
{
public String generateCode(String userID);
}
---
for example:
---
public class Testing
implements Function
{
public String generateCode(String userID)
{
short result;
result = (short)0x0000;
for (int i=0; (i < userID.length()) && (userID.charAt(i) != ' '); i++)
{
result += (byte)userID.charAt(i);
}
return "" + result;
}
}
---
As you can see, the core of Java is simply C (or C++).. it
does not get any harder than above.
It will be very easy to develop another class called
"RegCodeFunction" that has an implementation for the RegCode
algorithm scheme. It can be easially generated so that developers
of this scheme simply define their 'FUNCTION' inside the class,
and the Java does the rest.
I have developed a prototype which performs this 'dynamic'
loading of the class files.
---
boxman(ardiri): java JRegCode Testing ardiri
JRegCode v1.0
(c) Aaron Ardiri
Testing
userID: ardiri
regCode: 635
boxman(ardiri):
---
Interested in getting it implemented on your servers? You will
reach a LOT more developers for real time fulfillment.
As a developer (for those on the palm-dev-forum), how do you
feel about this scheme? Do you think you would use it? What
do you think can be done to improve it etc? When would you
like to see it?
Send comments directly to myself at "[EMAIL PROTECTED]"
I am willing to write a tutorial of how to write your own
custom routines (remember, Java has slightly different
data types from C), and help get the code on your servers.
You both NOW have my contact details. I am willing to help get
this implemented - all you have to do is contact me. My contact
number is:
+46 70 656 1143
and i am available all the time.
cheers.
az.
--
Aaron Ardiri
Java Lecturer http://www.hig.se/~ardiri/
University-College i G�vle mailto:[EMAIL PROTECTED]
SE 801 76 G�vle SWEDEN
Tel: +46 26 64 87 38 Fax: +46 26 64 87 88
Mob: +46 70 656 1143 A/H: +46 26 10 16 11
