Hi,
I am about to implement security codes which
verify the user/site is allowed to run my software. I am envisaging that
each site will be given a code and each code will be built using the
site/company name and an expiry date. Thus the code won't work if the site
name is different, nor will it work after the expiry date (naturally it also
won't work for a different product).
OnGuard from TurboPower provides exactly these
features. As far as I can see it works as follows:
You embed a unique and
private product key in the application.
The user enters the code
they obtained for their product.
The application checks the
code by building a new code from the product key, site name, expiry
date and checks it against the code the user entered. If they match
then everything is OK.
My problem with this is that the product keys
need to be embedded in the application. With these keys and their own copy
of OnGuard a user/hacker could build their own valid codes for any site name
or expiry date. I don't know how hard it would be for a hacker to extract
the keys from an application (the recommended approach for embedding them
would appear to be constants of type TKey which is a 16
byte binary value) but I suspect it wouldn't be too
hard.
Has anyone considered this issue before? Is
there a way of encrypting the keys in the executable so that they
are harder to obtain or does Delphi make it hard enough as it
is? Or is there a better tool than OnGuard out there?
Thanks for your help.
David Brennan.
DB Solutions
Ltd.
