copy protection AGAIN.

[newtofoxpro]

I am developing and distributing my application developed in fpw26 from last 10 years. For copy protection I am using BIOSDATE. For some reason, I am going to migrate my application in VFP8. I used SEARCH tool to find out similar post. And I found like CPU-ID, HDD-Serial No., Mac-Address etc., It's good information works similar to BIOSDATE.

Please don't advise " Copying is the best way of 'advertising' the app you want to sell. "

I have distributed my application where I can't go, its far away from my city. BIOSDATE works fine for me. Yet, I know my user mis-using my application. How ?

For the first time I installed myapp to user-pc and locked by BIOSDATE. After couple of months user ring/phone me, "MY PC CRASH-BURN-OUT OR I UPGRADE WITH NEW PC AND I SAVED ONLY MYAPP.DBF, I HAVE PURCHASED NEW PC. SO PLEASE SEND ANOTHER COPY" I have to trust him, and send another copy.

One solution I found is USB-PEN-DRIVE.

oWMi = getobject("winmgmts://")
col = oWMI.ExecQuery("Select * from win32_diskdrive")
OutString=""
for each disk in col
OutString=disk.PNPDeviceID
IF OutString="USB"
EXIT
ENDIF
NEXT
RETURN OutString

I am not sure, how it is safe. Please advise, is it safe ? As well as I wish to know how expert members distribute their application ?

 

[Mike Lewis]

You say:

"I HAVE PURCHASED NEW PC. SO PLEASE SEND ANOTHER COPY" I have to trust him, and send another copy."

You have just highlighted the core of the problem. You have a legitimate reason to restrict the use of your application. But whatever method you adopt, it's going to cause some inconvenience to the genuine users.

In this case, the inconvenience is that they have to ask you for a new copy of the executable whenever they replace their PC. You've put them in this situation, yet you are reluctant to send the new copy. You can't have it both ways.

As far as the pen drive solution is concerned, this will probably work, but again, at a cost of user convenience. If the user loses the drive, or something goes wrong with it - or they simply don't have it handy when they want it - they will be locked out of your app.

Ultimately, it's a business decision. Is it worth inconveniencing - and possibly alienating - your users in return for a perceived reduction in the risk of people pirating your software?

Mike



__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy

 

[Mike Lewis]

Just to add a note:

In my present project, the solution we have adopted is to have the app send the user's IP address to a server, where we check it against a database of authorised users.

This completely avoids all problems caused by hardware being replaced or USB keys being lost. But it still restricts the legitimate user, who now needs an Internet connection to use the app, and can only do so from his usual physical location. He can't, for example, sit in a coffee shop or on a plane and run it from a laptop.

I'm not advocating this solution. It wasn't my idea. It was a business decision made by my client, based on the trade-off of protecting the software and making it as easy as possible to use.

I'm sure other forum members will have their own ideas.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy

 

[GriffMG]

What I do is require an activation key - in answer to the serial number that the app generates, when the app is first used on any machine. The user has to phone me or email if he/she prefers.

This gives me a chance to set things like a trial period, read-only or other options.

If the user maintains his telephone support, he can have a new activation number for free if he explains what has happened (new pc, stolen, old one destroyed etc.) as many times as I feel reasonable - i.e. if he/she asked to have it replaced three times in a week... I would be suspicious. If the support lapses, he has to buy it (a years worth, not back dated) to get a number - although I would normally issue a trial number immediately, and then follow it up later when the purchase order arrives.

It's not perfect, but it works for me.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

 

[newtofoxpro]

Thanks for reply.

" But whatever method you adopt, it's going to cause some inconvenience to the genuine users. "

I agree, I should take care of my genuine users because only genuine users are running my business.

Another option is my dream. But I don't know how to do it. Please advice if you know.

I should make a database containing USER_ID, COMPUTER_INFO. And this database should be installed at server. Every user has it's own ID & unique computer info. Whenever myapp starts it should go to server via internet and check. User ID should generate like sys(2007,'CPUID+MAC_ADD..etc.)

 

[Mike Lewis]

Yes, that's similar to what I mentioned, re checking the user's IP address. It has the same trade-offs. Except that if you're checking the CPU ID and MAC address, aren't you going to have the same issues when a user replaces the machine? But at least you can make the change remotely, without having to physically send anything to the user.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy

 

[Nigel Gomm]

fwiw

with one app i use a licence key based on the user's company name and max concurrent users; because the app is primarily used to generate invoices, statements, legal documents etc all of which show the company name it prevents all but the more determined and knowledgeable (which does not describe my customer base) from using an illegal copy effectively. Controlling the number of concurrent users is a separate topic.....

I have also used, and can recommend, esellerate to handle the licencing, downloading and payments for a different app.

http://www.esellerate.net/activation.asp

hth

Nigel

 

[newtofoxpro]

Thank you Mike & nigel

Should I go in following order..

1) Purchase FTP server space.
2) Build DBF and upload to FTP server
3) Whenever myapp runs " maypp should use FTP-SERVER-DBF and check legal copy.

Is FTP-SERVER is safe for this type of job ?

Thanks

 

[GriffMG]

You're kind of limiting usage to people with internet access only under these circumstances. Is that likely to be a problem?

Don't forget, if your server is down for any reason - the users will not be able to run your system.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

 

[newtofoxpro]

if your server is down for any reason - the users will not be able to run your system."

Your comment is valuable for me. Thank you.

If I create myapp.lic file as under.

(MAC_ADDRESS c(50), NO_OF_EXCUTION_MYAPP N(2)).

This file is part of myapp.exe and can be find in the same folder. Same file content stored in FPT-SERVER.

Whenever user runs myapp.exe. myapp checks MAC-ADD = MAC-ADD stored in myapp.lic. Proceed if matched. Then it counts # of execution and stored in myapp.lic. replace NO_OF_EXCUTION_MYAPP with NO_OF_EXCUTION_MYAPP + 1

15 execution is free from FTP-SERVER-UPDATE. If user is OFFLINE no problem. myapp.exe always seek for ONLINE-UPDATES when it starts.

Whenever user is ON-LINE myapp.exe checks myapp.lic (info) = FTP-SERVER (info) If it is matched, then NO_OF_EXCUTION_MYAPP replaced by 0 again.

 

[GriffMG]

You might do better publishing your application via the Application Jukebox system that Endeavors Technologies provides.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

 

[Mike Lewis]

Let's see if I've understood this right. You're saying that, if the user doesn't have an Internet connection or your server is down, they can still run the app up to 15 times. After that, they will have to connect to the server, at which point the count is reset. So next time the server is down, they will have another 15 attempts, and so on.

Have I got that right?

I can still see a couple of problems with that.

First, you say your lic file is in the same folder as the executable. A knowledgeable user could open the file and set the count back to zero. He then makes sure always to launch the app without being connected to the internet (by blocking the app in the firewall, for example). When he has had his 15 attempts, he just resets the count again.

Second, you are still limiting the user to a single computer (a single MAC address). True, if he replaces the computer, you only need to edit the MAC address in the server copy of the file; you don't have to send out a fresh copy of the software. But you are still imposing constraints on what computer the user can use, without any obvious benefit to him. For example, if he wants to work on his computer at home, he can't.

I think that before you tackle the technical problems, you've got to consider the business issue. To what extent are you prepared to inconvenience your customers? And what is the true benefit to you of not allowing your app to be copied?

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy

 

[GriffMG]

I'm with you there Mike.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

 

[newtofoxpro]

A knowledgeable user could open the file and set the count back to zero."

All information is stored in encrypted format. And believe me, A knowledgeable user can not alter this. Please accept.

Thank you again for multiuser comment.

One funny sentence "Life of pirated user is more easier then the original user

 

[GriffMG]

If it were me, I would simply copy it (the encrypted file) before I left the internet, and then just keep overwriting the live one with that copy each time I used it... that would probably keep me going.



Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

 

[newtofoxpro]

If it were me, I would simply copy it (the encrypted file) before I left the internet, and then just keep overwriting the live one with that copy each time I used it... that would probably keep me going. "

Griff,

Good thinking.... Let me scratch my head...

 

[newtofoxpro]

Mike,

Instead of thinking this & that, I should concentrate on your post.

"In my present project, the solution we have adopted is to have the app send the user's IP address to a server, where we check it against a database of authorised users."

How do you do this... Can you post details. I want to implement.

Thank you.

 

[Mike Gagnon]

You can get the local IP address for current computer like this:

oWS = CREATEOBJECT ("MSWinsock.Winsock")
? oWS.LocalIP

Mike Gagnon

If you want to get the best response to a question, please check out FAQ184-2483 first.
ReFox XI (www.mcrgsoftware.com)

 

[Mike Lewis]

Newtofoxpro,

I can't give you much details on the method we used, because it wasn't done in Foxpro, and is outside my expertise.

But I'll do my best.

The capture and check of the IP address is done on the server - by definition. So it needs to be done in a server-side language, like PHP or ASP. I believe the person who did it in our case used ASP.NET. I didn't have anything to do with that side of things.

All these server-side languages have a way of capturing the visitor's IP address. It's then a simple matter of querying this against a database table of valid users.

In the client (FoxPro) application, you just need to issue a request against the server in order for your IP address to be transmitted. An easy way to do that is to use West Wind's wwClient library, which has a function for issuing a simple HTTP request. You can also use the Microsoft Internet Transfer Control that comes with VFP.

I'm sorry I can't give any more details. I was responsible for programming the business side of the application, not the communication or authentication issues.

I would image the technique would be completely familiar to a PHP or ASP.NET programmer, so you could try asking in a relevant forum.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy

 

[Mike Lewis]

oWS = CREATEOBJECT ("MSWinsock.Winsock")
? oWS.LocalIP

Mike, I might be completely wrong about this, but if the above code gives the local IP address, won't that be different from the one seen by the server?

In my case, it returned something like 192.168.xx.xx, which is the internal address of my PC within my network. It's quite different from the one a website would see when I visit that site.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips, training, consultancy