开发者

License Key for Java RCP application on VMId

问答 作者:

I have an RCP application build on Java 1.6. I am using Virtual Machine Unique ID on a machine as a number to identify a machine uniquely and generate license key based on this number.

I have done basic testing and it seems to work pretty good. I am able to uniquely identify each machine and VMId remains same for multiple sessio开发者_如何学JAVAns (restarts, log off etc). Also if I copy my software installation to a different machine, it doesnt work.

The only apprehension I have is that if this is perfect way to build a licensing algo for an RCP application. Are their any border edge scenarios where this can fail. I am very worried if somebody updates their java software, will that change VMId.

Waiting for expert opinions,

Naveen

If you see the default constructor of java.rmi.dgc.VMID 

public VMID() 
{
    addr = localAddr;
    uid = new UID();
}

then you will find that it depends on the hash of the IP address (which will be same for all the machine using the localhost or 127.0.0.1). But (and its a big but), it also depends on the java.rmi.server.UID.

Now as per javadoc:

An independently generated UID instance is unique over time with respect to the host it is generated on as long as the host requires more than one millisecond to reboot and its system clock is never set backward.

Now there is no machine which is available which reboots in less than one millisecond. The fastest one I have seen are MS-DOS (not sure about the boot time) and Google OS (takes 3-4 seconds, as per their promo).

So, I will feel safe if it is the only factor but I will still test the setting the system clock backward factor.

If I have to use your product on multiple machine but paying only for the one then I would install it on a OS running on VMPlayer or VirtualBox. This way I could distribute multiple copies of your tool. Have you checked this scenario.

Also, on my dev machine I normally have two differnt JDK (a latest one for playing around and a second one for client specific development). The VMID and UID classes are known have some issues earlier with multiple JVMs. Check this: http://www.velocityreviews.com/forums/t131825-can-we-generate-unique-id-from-java.html.

Also, have a look at this javadoc: http://fuseyism.com/classpath/doc/java/rmi/dgc/VMID.html

Normally, the licensing strategies I have seen are much more involved. Like (on windows machine) creating/using some registry key values, backed by some web service for one time registration, asking user for some salt value (like his/her name, age) and then generating license key from that.

So, finally if you are sure that your products user are not gonna use any virtualization technology (like vmplayer etc), there is no multiple JVM related issue and they might not have internet available for one time activation then go for it.

But keep in mind that for a determined attacker no software is too hard to break as it is evident from the number of pirated/cracked games and softwares available in market.

继续阅读:licensingrcpvirtual-machine

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9