On Feb 25, 2010, at 7:14 AM, Brian Postow wrote:
As a theorist I agree. You can't win that game. The hacker, if they re-write
the OS can always get around whatever you put there, and usually there are
easier ways than that.
OTOH, it depends a lot on your customers (or your customer's
No, I didn't really mean that, but obviously the less they have to go on the
harder it is for them to hack your code. Stripping the symbols out of your
binaries is a good start (but then you get lousy stack traces...)
I also use another, slightly more devious scheme alongside all the technical
On Feb 24, 2010, at 4:54 PM, Michael A. Crawford wrote:
I've purchased apps from other developers on this forum, which have
mechanisms for limiting functionality until a valid registration code has
been provided. I'd like to include this functionality in my own app but
don't want to
I've purchased apps from other developers on this forum, which have mechanisms
for limiting functionality until a valid registration code has been provided.
I'd like to include this functionality in my own app but don't want to create
it from scratch if I don't have to. To that end, I'm
On Wed, Feb 24, 2010 at 4:54 PM, Michael A. Crawford
michaelacrawf...@me.com wrote:
I've purchased apps from other developers on this forum, which have
mechanisms for limiting functionality until a valid registration code has
been provided. I'd like to include this functionality in my own
On 25/02/2010, at 9:00 AM, Sherm Pendley wrote:
I've heard good things about Aquatic Prime:
AP is certainly very easy to use, but it's also extremely weak, and has already
been widely cracked, so you might want to take that into account.
--Graham
On 24 Feb 2010, at 21:54, Michael A. Crawford wrote:
I've purchased apps from other developers on this forum, which have
mechanisms for limiting functionality until a valid registration code has
been provided. I'd like to include this functionality in my own app but
don't want to create
Thanks, Sherm. I'm not a fan either. This is a client request.
-Michael
On Feb 24, 2010, at 5:00 PM, Sherm Pendley wrote:
On Wed, Feb 24, 2010 at 4:54 PM, Michael A. Crawford
michaelacrawf...@me.com wrote:
I've purchased apps from other developers on this forum, which have
mechanisms for
I rolled my own. I was not about to put all that effort into developing the
app and have someone steal my work from under my nose.
For validating the license key, I would recommend some form of digital
signature rather than just a simple checksum. I used a checksum first time
around and it
Not really a Cocoa question... Don't know where else you'd ask it though.
The macsb group has this topic discussed to death.
http://tech.groups.yahoo.com/group/macsb/
IMHO all code is mutable.
Regards
Jonathan Mitchell
Developer
http://www.mugginsoft.com
Thanks for the pointer to the more appropriate group. I'll go check it out.
-Michael
On Feb 24, 2010, at 5:37 PM, jonat...@mugginsoft.com wrote:
Not really a Cocoa question... Don't know where else you'd ask it though.
The macsb group has this topic discussed to death.
Jeez, Paul, thanks for the thorough answer. I'm not new to public/private key
encryption or digital sigs, I was just hoping not to have to do it myself. Due
to the extra time involved. Still, if this is what the client wants, I'm
obliged to get it done.
Part of your response suggests that
On Feb 24, 2010, at 2:57 PM, Michael A. Crawford wrote:
Part of your response suggests that if there was an existing
framework that was openly available, it wouldn't do me any good
because the bad guys would have the source code. I don't know if
that is your thinking but this thought had
On 24 Feb 2010, at 22:57, Michael A. Crawford wrote:
Part of your response suggests that if there was an existing framework that
was openly available, it wouldn't do me any good because the bad guys would
have the source code.
I disagree. If it's based on a tried and tested (and
On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
I disagree. If it's based on a tried and tested (and occasionally
formally verified) crypto system, knowing the algorithm doesn't lead
to a crack. Weaknesses would come through bugs in the framework (or
incorrect application of it), and the
On Wed, Feb 24, 2010 at 5:05 PM, Graham Cox graham@bigpond.com wrote:
On 25/02/2010, at 9:00 AM, Sherm Pendley wrote:
I've heard good things about Aquatic Prime:
AP is certainly very easy to use, but it's also extremely weak, and has
already been widely cracked, so you might want to
On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
On 24 Feb 2010, at 22:57, Michael A. Crawford wrote:
Part of your response suggests that if there was an existing framework that
was openly available, it wouldn't do me any good because the bad guys would
have the source code.
I disagree. If
This can be quite a religious argument, but speaking from experience of code
that's been rigorously hacked time and again, the only effective way to disable
parts of your code is to not have that code in the executable. E.G. a compile
a demo version, and a real licensed version. Having code
On 25 Feb 2010, at 01:41, Greg Parker wrote:
On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
On 24 Feb 2010, at 22:57, Michael A. Crawford wrote:
Part of your response suggests that if there was an existing framework that
was openly available, it wouldn't do me any good because the bad guys
On 25 Feb 2010, at 01:45, Chris Williams wrote:
Having code execute dependent on some switch, regardless of the number or
sophistication of the switches, can be hacked.
But then once you sell the licensed version you've given it to someone who
might distribute it on, so that's not foolproof
Michael A. Crawford wrote:
Jeez, Paul, thanks for the thorough answer. I'm not new to public/
private key encryption or digital sigs, I was just hoping not to
have to do it myself. Due to the extra time involved. Still, if
this is what the client wants, I'm obliged to get it done.
Part of your response suggests that if there was an existing
framework that was openly available, it wouldn't do me any good because
the bad guys would have the source code.
I disagree. If it's based on a tried and tested (and occasionally
formally verified) crypto system, knowing the
On Feb 24, 2010, at 5:23 PM, Paul Sanders wrote:
Not really a Cocoa question... Don't know where else you'd ask it though.
I've been having good luck with getting general programming questions answered
on www.stackoverflow.com...
Brian Postow
Senior Software Engineer
Acordex Imaging
23 matches
Mail list logo