Securing my Application
Eventually (fingers crossed) I would like to see my application on the market. I envision selling my application with timely licenses (monthly, annually, etc.) and only allow user access if they are within the confines of their license. For example, if I were to purchase a one month license of my program, after 32 days have passed from the purchase date I would no longer be granted full access to the application.
Some things I have thought of:
1) Writing / reading to registry keys (not recommended) - In this scenario I would create a registry key using encrypted information regarding the customer's purchase, and have my application check back and forth with registry, checking to see if the user has exhausted his license.
2) Reading from a web page (secure? NO!) - I was thinking of constructing a table, which would include information regarding all of my customers (Customer ID, license purchased, date purchased, etc.). Again, this information would have to be encrypted / decrypted which is not a problem at all. What if, though, the customer turned off their internet connection?
What would you all say is the most efficient AND most intelligent method for storing / reading customer information? Security is key!
Thank you, Evan
The most efficient is to give up on creating a totally secure application. Anyone that really wants to break the security system will be able to do so, for example by decompiling the code and commenting out the license checks.
I would go with a simple storage in the registry or in a file in %appdata% (e.g. storing all the purchase details in plain text form, together with a checksum value in a DWORD field). For most users it will make it easier to pay than to try to break the security.
To really protect the app from someone who wants to break it you would have to place some essential part of the application's logic in a web service, on servers under your control, and then make all clients use it. Note that it is not enough to have a web service that the app just checks validity with; the web service needs to perform an essential operation that the program won't work without. Then the "only" issue left is how to authenticate and authorize clients to use the web service and handle the issue that the app needs internet access. You also have to take into account any privacy/secrecy issues with the data transferred to your server for calculations.
Such an approach is hardly ever worthwhile, unless you have a really secret, valuable algorithm to protect.
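An added example, not part of the original answer: a sketch of the plain-text record with a 32-bit checksum that the answer describes, plus the expiry check from the question. The field names, the key=value layout, the use of CRC32 as the checksum, and the sample customer are all assumptions made for illustration.

```python
import zlib
from datetime import date, timedelta

# Assumed record layout; the answer only says "purchase details in plain text".
FIELDS = ("customer_id", "license_type", "purchased", "days")

def _checksum(body: str) -> int:
    # CRC32 fits the 32-bit DWORD the answer mentions. It is unkeyed, so it
    # catches casual edits only, which is the level of protection proposed.
    return zlib.crc32(body.encode("utf-8")) & 0xFFFFFFFF

def issue_license(customer_id: str, license_type: str,
                  purchased: date, days: int) -> str:
    values = (customer_id, license_type, purchased.isoformat(), str(days))
    if any("\n" in v for v in values):
        raise ValueError("field values must be single-line")
    body = "\n".join(f"{k}={v}" for k, v in zip(FIELDS, values))
    return f"{body}\nchecksum={_checksum(body):08X}"

def check_license(text: str, today: date) -> str:
    """Return 'valid', 'expired', or 'invalid' (malformed or edited)."""
    body, sep, last = text.strip().rpartition("\n")
    if not sep or not last.startswith("checksum="):
        return "invalid"
    try:
        stored = int(last[len("checksum="):], 16)
        record = dict(line.split("=", 1) for line in body.split("\n"))
        purchased = date.fromisoformat(record["purchased"])
        days = int(record["days"])
    except (ValueError, KeyError):
        return "invalid"
    if stored != _checksum(body) or tuple(record) != FIELDS:
        return "invalid"
    if today < purchased:
        # Clock is earlier than the purchase date; a clock moved back to a
        # day inside the licence window is not detectable from this record.
        return "invalid"
    return "valid" if today <= purchased + timedelta(days=days) else "expired"

# Constructed sample: a 31-day licence bought on 2024-01-01.
SAMPLE = issue_license("C-1001", "monthly", date(2024, 1, 1), 31)

if __name__ == "__main__":
    print(SAMPLE)
    print(check_license(SAMPLE, date(2024, 1, 15)))
    print(check_license(SAMPLE.replace("days=31", "days=99"), date(2024, 1, 15)))
```

The same text can be written to a file under %appdata% or to a registry value; the check logic does not depend on where it is stored.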