Where should I store license data locally? [closed]
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
开发者_StackOverflowClosed 7 years ago.
Improve this questionCurrently, I do a database check every time a client opens my application — they enter their login information, and my app then runs their info through the database and see if it matches. It works flawlessly, except that this method won't do me any good if I am creating software that does not use the Internet (hence, I cannot always expect that the user is connected to the Internet whenever they press the login button).
To do the initial license check is no problem, however once the details have been verified once on the user's PC, I suppose I need to store something locally to check for the next time the user opens my application.
How do you go about storing licensing data locally? I have been reading up about it, and apparently decrypting the license data is a big no-no, if I want to avoid keygens. Do you use the registry, or a file?
Storing license information in a file or registry is fine. But you have to decide if licensing the software licenses it for
- everyone on that computer
- just that user
That decides if you have to store it for all users (HKLM
, CommonAppData
) or just the current user (HKCU
, AppData
).
Both are fine.
i suggest that you don't be stupid go overboard. Don't tie the license information to hardware keys, MAC addresses, serial numbers - because then i lose access to my own software when i change computers.
It's good enough to have a encrypted, signed, base-64 encoded license file, that contains their Name and Company.
If you want to bind the license to the hardware (see the discussion), there is no strong need to "hide" your license information. But it has to be encrypted, of course. Copying the license information does not help your user, because it is valid only on one computer. (This is only true, if your user can not simply "log on" and auto-activate a new computer. But if thats the case, what sense does your license make?) Binding to the Hardware includes the serial of the HD and/or the MAC. You can store this information in an file or in registry, see Ian's answer. Binding to the hardware includes some kind of "manual" activation or restriction to the number of computers, every licens is legal to activate, or it would be sensless.
If your app uses a database, or other persistent data store, put the license info in there, and also in the registry. If either gets wiped out, revive from the other one.
I personally do not like the idea of license information.
I totally understand the need for it, mind you, but still it does not turn me on :)
Joel Spolsky has very good articles on this very topic but the bottomline is: crackers do not crack software to save money(most of the time) rather to demonstrate they can. Thus, even the most intricated, complicated, totally reckless license schema will ultimately be blown up by some cracking teenager or worse.
The only real protection scheme that works is one where you have a piece of hardware which can't be detatched from the application because it contains crucial code to be executed. But that costs money, a lot, and possibly a dedicated compiler and dedicated code. With all the limitations of the hardware, i.e. you can't have too much on it or you'll end up in trouble :) And you're still having an issue because some cracker will eventually dump the hardware and duplicate it. All in all, it's not worth the effort either.
But then, this is just my opinion...
Andrea
If you store the information in registry/disk file anybody can EXTREMELY EASILY find it and copy it to a different computer (even share it over internet). If you don't want to have your key 'leaked' over internet, you should consider making your key work in a single computer (hardware specific keys).
See this DLL for Delphi.
精彩评论