Hi,
I am about to implement security codes which verify
the user/site is allowed to run my software. I am envisaging that each site will
be given a code and each code will be built using the site/company name and an
expiry date. Thus the code won't work if the site name is different, nor will it
work after the expiry date (naturally it also won't work for a different
product).
OnGuard from TurboPower provides exactly these
features. As far as I can see it works as follows:
You embed a unique and private
product key in the application.
The user enters the code they
obtained for their product.
The application checks the code
by building a new code from the product key, site name, expiry date and
checks it against the code the user entered. If they match then everything is
OK.
My problem with this is that the product keys need
to be embedded in the application. With these keys and their own copy of OnGuard
a user/hacker could build their own valid codes for any site name or expiry
date. I don't know how hard it would be for a hacker to extract the keys from an
application (the recommended approach for embedding them would appear to be
constants of type TKey which is a 16 byte binary value) but I suspect
it wouldn't be too hard.
Has anyone considered this issue before? Is there a
way of encrypting the keys in the executable so that they are harder to
obtain or does Delphi make it hard enough as it is? Or is there a
better tool than OnGuard out there?
Thanks for your help.
David Brennan.
DB Solutions Ltd. |
- RE: [DUG]: Software Expiry Codes - OnGuard David Brennan
- RE: [DUG]: Software Expiry Codes - OnGuard Max Nilson
- Re: [DUG]: Software Expiry Codes - OnGuard David Brennan
- Re: [DUG]: Software Expiry Codes - OnGuard Mark Howard
- RE: [DUG]: Software Expiry Codes - OnGuard Patrick Dunford
- RE: [DUG]: Software Expiry Codes - OnGuard Peter Hyde
- RE: [DUG]: Software Expiry Codes - OnGuard Max Nilson
- RE: [DUG]: Software Expiry Codes - OnGuard Peter Hyde
- RE: [DUG]: Software Expiry Codes - OnGuard David O'Brien
- RE: [DUG]: Software Expiry Codes - OnGuard Martin Paulo
- RE: [DUG]: Software Expiry Codes - OnGuard Max Nilson