Re: Licences & trial concepts
Re: Licences & trial concepts
- Subject: Re: Licences & trial concepts
- From: Paul Forgey <email@hidden>
- Date: Fri, 7 Apr 2006 23:06:37 -0700
I used to have a company that used a third party solution. And I
work a little bit in cryptography so my view about these things is a
bit critical.
There are many, many different ways to approach the problem but at
the base of things it's a DRM issue. As such, it's cryptographically
impossible to enforce (even with "trusted" hardware) as any solution
you run at involves keeping a secret somewhere on the client's
unrestricted machine. That's why copy protection never deters
professional pirates. There's a lot of money to be made by claiming
otherwise and selling black box solutions like dongles and wrappers.
Some of these do work reasonable well for preventing the vast
majority of casual infringement though. It's all about how hard you
want to make it to reverse engineer.
If you do anything that talks to your web server, make it very clear
what you are doing and why after asking the user. Otherwise you
could be accused of "phoning home" behind the user's back.
#1 and #2 are probably the easiest and most effective ideas relative
to the work involved in my opinion. There's very little stopping
somebody from locating the call in your executable to the validation
code and changing it.
On Apr 7, 2006, at 10:09 PM, Azza wrote:
Hi there everyone.
Im in the final stages of building a new application for osx in cocoa.
The next step for me is to develop a "30 day trial" and licence system
for... well... licencing :D
Theres a few concepts I had in mind:
* the tried and true, request a serial number, serial number is an
encripted
timestamp or something telling the app when to exprire, but thats
slow and
clunky for users who just want to use the application.
* the concept of creating a hash on my web server when the user
first runs
the application, keeping that stored on both the server and the users
computer, so if they ever try to re-install after their time has
run, the
server knows that they've run it before, and can boot'em... but
that means
the user needs to have a net connection to run the app, and the
type of app
it is renders that idea unsuitable
* i also pondered the idea of hiding the expiry timestamp somewhere
really
tricky within the apps bundle, like, as meta data of the
applications icon,
or embeded within some crazy file that the user wouldn't dare
modify... Im
kinda thinking that may be the best way, BUT it does mean they can
just
delete the bundle and download it again at any point to get an
extra "30
days" etc...
Then I was thinking for the licence itself, there would be an
encripted
string which would [ obviously ] mean something to the application
and allow
it to run..
I'd take it some of you would have had to develop things like this
before,
so I was wondering if you could give me some pointers/direction on
what
you've learnt through the process...
Any help would be most appreciated.
Cheers
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden