Closed Thread Icon

Topic awaiting preservation: ASP - serial #'s / copyright Pages that link to <a href="https://ozoneasylum.com/backlink?for=13118" title="Pages that link to Topic awaiting preservation: ASP - serial #&amp;#039;s / copyright" rel="nofollow" >Topic awaiting preservation: ASP - serial #&#039;s / copyright\

 
Author Thread
Kaniz
Bipolar (III) Inmate

From:
Insane since: Jun 2003

posted posted 04-02-2004 03:15

Not sure if this is going to makle much sense, but you guys seem to be the smartest bunch on the net that I frequent on message boards so here it goes

Working on creating a web app, most likely will end up using ASP (note: dont bother with ASP vs PHP vs whatever arguments), ASP is what I know best at the moment, and it needs to be done in a short timeframe..

Anywho, I need to try and figure out how to copyright protect the software, and as its done in ASP the source code is wide open, which raises the problem of simply being able to comment out a few lines here and there to work around it.

However, that is only part of the problem, the first part is - How the hell can I generate a serial #/key, and validate it?

Its something i've never had to do or looked into doing before, so it has me scratching my head.

Basicly, I want to generate the serial # based on the domain-name that will be used to for the site.

So, I guess the proccess is something like.

-> Customer sends is domain name
-> We generate serial # based on name, send it back to them
-> they enter key into software
-> (some how, figure out how to not make this easy to get around) app checks serial key, checks address vs key, see if things are kosher, and lets things gel ...

However, its the generating the key, and then validating the key which is kinda stumping me, and cant seem to find any good examples on the net unless I'm looking in all the wrong places

anyone got any advice?


jdauie
Bipolar (III) Inmate

From: Missoula, MT
Insane since: Jan 2003

posted posted 04-02-2004 04:02

There is nothing you can do about the source code being open. It can be encoded with a Microsoft tool, but it can then be decoded with other simple tools in a second.

I have built in application validation in my ASP.NET applications, but those are compiled, so the source is not readily accessible. A serial number can be generated from something like an md5sum or a hash of the domain name. However, as you mentioned, it is easy to get around, especially if you know what you are doing. I can think of a number of ways to check the serial key, and "see if things are kosher", but they all can be gotten around by modifying the source code.

Examples:
1) save an md5sum of the source files to a remote webserver and have the app validate its own files periodically.
2) have the app download an important portion of its code from a remote webserver before it executes, so you can log where it is coming from.

#1 can be commented out of the code, so it doesn't help.
#2 would be too slow if you had to check retrieve stuff every time, and if someone knew how, s/he could intercept the data.

The bottom line is, that if you cannot trust your clients, you need to package everything important into dll's, etc., rather than counting on some obscure lines of code to hide deep in your application.

Kaniz
Bipolar (III) Inmate

From:
Insane since: Jun 2003

posted posted 04-02-2004 04:53

you have/know of any examples of using md5 sums with ASP? I cant seem to find a good example online.


I have debated going to ASP.NET with this project, and think it would be better in the long run. However, it'd take a bit of a learning curve for me (not that much, but enough that it'd take enough extra time to run over budget)

Would like to keep as much source open as possible to allow for a high level of modability on the users end if they wish to dig deeper and tweak it to how they want.

Was thinking of just putting the validation in a DLL along with some of the business logic, which is a /bit/ harder to get around, but .. if it can be hacked, it will be hacked. If companies like Adobe and Microsoft cant get 100% crack-proof stuff, I dont expect that i'll be able to do it, espcially in a web app where I lose control of the source once it leaves my hands.

But, need to have someething 'good enough' to please the person funding it.

[This message has been edited by Kaniz (edited 04-02-2004).]

« BackwardsOnwards »

Show Forum Drop Down Menu