• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Registering software
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Registering software

  • Subject: Re: Registering software
  • From: "Finlay Dobbie" <email@hidden>
  • Date: Mon, 13 Mar 2006 23:49:51 +0000
On 13/03/06, Nicko van Someren <email@hidden> wrote:
> On 13 Mar 2006, at 18:53, Finlay Dobbie wrote:
>
> > On 13/03/06, Marcus S. Zarra <email@hidden> wrote:
> ...
> >> What would your suggestion be for
> >> a registration schema for an Objective-C/Cocoa application?
> >
> > Something home-grown. Be creative.
>
> I disagree.  Designing a good system is complex, time-consuming and
> easy to do wrong.  Furthermore, security through obscurity just makes
> your application a more interesting target for hackers.

I have an input manager that will register all AquaticPrime
applications which use their Cocoa API. Surely obscurity is better
than that.

> > Securest form is probably the static library "Carbon" implementation,
>
> Certainly statically linked C code is going to be a much better
> option than an Objective-C framework.

Yes, but AFAIK there is no indication of that in the AquaticPrime documentation.

> I think you need to consider exactly what you are trying to protect
> against.  What's the threat model?  The vast majority of prospective
> customers will not patch binaries.  In practice fairly few people
> download illegal Warez, so unless you are trying to ring every last
> penny out of your insanely desirable program then actually your
> efforts are probably not best spent trying to make your program
> entirely hack-proof (which you'll never achieve anyway).

Right. I was just saying that these schemes are trivially hackable,
and I stand by that assertion. I have seen cracked copies of shareware
that retails for < $10, purely because it used the eSellerate
libraries. Whether or not that bothers you is clearly a value
judgement on your part, but it happens and it's potentially an issue.

> > The whole thing about "RSA encryption" and suchlike is clearly
> > irrelevant.
>
> No it's not.

It doesn't matter if the protection algorithm is mathematically sound
if you can trivially bypass it.

 -- Finlay
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Registering software (From: "D.K. Johnston" <email@hidden>)
 >Re: Registering software (From: "Marcus S. Zarra" <email@hidden>)
 >Re: Registering software (From: "Finlay Dobbie" <email@hidden>)
 >Re: Registering software (From: "Marcus S. Zarra" <email@hidden>)
 >Re: Registering software (From: "Finlay Dobbie" <email@hidden>)
 >Re: Registering software (From: Nicko van Someren <email@hidden>)

  • Prev by Date: Re: DragItemAround sample code
  • Next by Date: Mixing Cocoa and Carbon
  • Previous by thread: Re: Registering software
  • Next by thread: Re: Registering software
  • Index(es):
    • Date
    • Thread