Morning all,
Sorry I wasn't able to participate over this last week, but my
oldest daughter Rachael, graduated this Saturday from the University of
Pennsylvania with a Masters degree in economics and international finance
and a place on the Dean's list! I can't even begin to say how proud I am of
her and this accomplishment, which because of her growing up in this
cultural wasteland of Schuylkill Cty., where teen pregnancy and drug abuse
top the list of "things to do", was twice as hard as it should have been!
So I was quite busy driving the 100 + miles back and forth between here, her
job at Vanguard in Philly where she's been managing self-insurance accounts
from around the world, to the University, and back again, trying to help get
everything ready for the ceremonies and other events. It made me realize
just how much I missed my own college days, and how great it would still be
if I even lived close to a college town! At least there would be
interesting people around to talk to!
So I've decided to make use of an encrypted license file for an app
I'm finishing up for an old client, and currently the way I've set it up is
to encrypt each string of the file separately first...with each string
containing data provided by the registering owner combined first with data I
provide about the app itself. Then the entire file is encrypted and
provided to the Registered own for automatic inclusion in the install
directory.
For both the individual strings and the File itself, I use a set of
"keys" hidden within the app's code itself, as part of other strings. The
app's security procedures finds and separates them for use in reading,
decrypting, and comparing the License File data to that which the app also
re-validates within the security processes.
My questions are these: Years ago we had a lot of discussion here
on how to handle such things as application and shareware registration
techniques so that registration and app integrity could be maintained and
verified as necessary, and one of the more frustrating things everyone
seemed to agree on was the simple fact that there were no "good" ways to
introduce an individual property like a string that could be used during
security checks. Something that was guaranteed to always be available to
ones validation code and that was also unique to each system the app might
be installed on. And I believe the one and only way to make absolutely sure
of this at the time was by using expensive solutions such as HASPs...an
impractical concept for most of us.
Lately I began checking out ways of dealing with this problem
differently and began looking for data strings unique to every installed
copy of a particular OS. Even taking my search as far as to the BIOS data!
For some reason I started taking a look at Product ID's and
Hardware profile info I'd checked out long ago, along with methods of
retrieving such read-only info at runtime.
Consequently, preliminary testing has provided me with some
interesting information and a possible solution to this problem. First, the
Operating system's own Product ID does not appear to be the generic string
repeated on millions of copies of Vista, and distributed around the world as
I had thought it would be! And it also appears that the Hardware Profile
GUID, also a string, may also be just as unique. If they truly are, these
could easily be combined as needed with each other and/or the Registered
owner/Username info to create an ID string that would make such security
problems simply disappear!
Using the JvComputerInfoEx freeware component available in most
versions of the Jvcl, it's easy enough to assign these read-only string
values to variables that could be employed as the base for all kinds of
security methods.
In talking to Microsoft about these particular strings, I was
assured that they are "constructed" dynamically upon installation, from with
the OS's own security methods, before being submitted to and saved by the
company. And if this is true, I can easily solve all my needs via encrypted
and recombinant versions of the same. BUT, before I will consider using
these strings, I can't help but require more validation than a Microsoft
phone tech in India can provide! <g>
So what does anyone else think? Those running more than one copy of
an OS...that is, more than one registered copy...can easily find out if they
are indeed different, and possibly even how and why they are! Also I'll
take the risk right here by providing these two strings as I find them in
JvComputerInfoEx1.OS. + as the following property values: OSVersion
wvWinVista, ProductName Windows Vista (TM) Ultimate, ProductType
ptProfessional, ServicePackVersion 1, VersionBuild 6001, VersionCSDString
Service Pack 1, VersionMajor 6, VersionMinor 0.
As well as under: JvComputerInfo1.Misc.HardwareProfile.GUID.
My ProductID = 89580-006-5738705-71882
My GUID = {0f694440-6a70-11db-8eb3-806e6f6e6963}
If possible, and if the other property values above are exactly the
same, please compare the ProductID and GUID strings listed here against your
own. I don't need to know what your strings actually are...just if they
match or not. Thanx in advance!
from "Robert Meek" dba "Tangentals Design"
Creative Concepts Programming for Windows Vista
E-mail: [email protected]
"...There no longer exists any communities...only special Interests." as
remarked by one Photojournalist and Writer in relation to the infamous
'Mapplethorp trial' of Cinncinate. I'm happy to know why this is true and
the protection it provides everyone from 1st amendment rights
violations...escpecially those in L.A. and Seattle!
As for New York, it's difficult to get worked up over a conglomerate of
special interests such as it represents, when opposition to every one and
every thing not their own has become its most apparent trait and appalling
attribute!
__________________________________________________
Delphi-Talk mailing list -> [email protected]
http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-talk
