By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,493 Members | 1,186 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,493 IT Pros & Developers. It's quick & easy.

Protecting your work

P: n/a
Hey folks -

I'm working on an access database that I'm hoping to be able to sell to
small/medium sized business. I would like to do some trial and demoing, but
I'm worried about client's ability to undo the security measure that I put
in place. Specifically, I know that holding the 'shift' key disables all
startup options on launch, so that cancels any ability I have to shut down a
time-period demo.

How have you done it?

Steve
Nov 12 '05 #1
Share this Question
Share on Google+
25 Replies


P: n/a
"Steve Lefevre" <le********@osu.edu> wrote in
news:br**********@charm.magnus.acs.ohio-state.edu:
Hey folks -

I'm working on an access database that I'm hoping to be able to sell to
small/medium sized business. I would like to do some trial and demoing,
but I'm worried about client's ability to undo the security measure that
I put in place. Specifically, I know that holding the 'shift' key
disables all startup options on launch, so that cancels any ability I
have to shut down a time-period demo.

How have you done it?


I haven't. I don't. And it's unlikely that I will. What part of my
delivered applications has been stolen? None of which I am aware.

What about code that I've posted here? Some of it has appeared verbatim,
or thinly disguised, as the creation of someone else. Some of the basic
concepts I !!!!believe!!!! that I may have introduced seem to underlie
others' original work. I saw a website the other day which cited "their"
capability in writing a bit of tricky code that, actually, I wrote for
them. But am I right? I don't know, because parallel thinking often occurs
here, prompted by some thread or recurring theme in this newsgroup. So do
I lie awake worrying about this? No!

Am I angry? No!
Am I hungry? No!

Thieves can worry about thievery. I will worry about work.

And I never protect the user from himself/herself. You want to mess the
thing up? Be my guest! Right now it's a hundred bucks for me to show up
and a hundred for each hour, minimum $400.

Use it right and enjoy it. Use it wrong and be responsible for what you
have done.

Why am I being long-winded here? It's on purpose. We need (maybe) some
humongous big controversial thread that will so dominate the group for a
few weeks that EVERYTHING ELSE will be ignored.

--
Lyle
(for e-mail refer to http://ffdba.com/contacts.htm)
Nov 12 '05 #2

P: n/a

"Lyle Fairfield" <Mi************@Invalid.Com> wrote in message
news:Xn*******************@130.133.1.4...
"Steve Lefevre" <le********@osu.edu> wrote in
news:br**********@charm.magnus.acs.ohio-state.edu:
I haven't. I don't. And it's unlikely that I will. What part of my
delivered applications has been stolen? None of which I am aware.
That's the problem. I want to make money. I've dealt with enough business
people to know that they will take every advantage they can. I want to be
aware of someone using my program without paying me.

"We used your app; it did some of what we want, but we're not interested in
purchasing it".

I've been the computer field long enough to know that nobody pays for
software when they don't have to. I want to make them have to, if they are
using it.
<snip>
Am I angry? No!
Am I hungry? No!
I am not angry, but I am kind of hungry lately, and a little bit thinner
than I used to be a few months ago. Apparently you are in a better financial
position than I am in right now. Maybe in a few years I can afford not to
worry about someone using my work for free, but right now, I can't. I really
need the money. And if people are benefitting from my work, I see no reason
why they shouldn't pay me.

Thieves can worry about thievery. I will worry about work.
Now all that unregistered shareware is coming back to haunt me !!! No!!!! ;)

And I never protect the user from himself/herself. You want to mess the
thing up? Be my guest! Right now it's a hundred bucks for me to show up
and a hundred for each hour, minimum $400.
Actually, that's not a bad idea!

Use it right and enjoy it. Use it wrong and be responsible for what you
have done.

Why am I being long-winded here? It's on purpose. We need (maybe) some
humongous big controversial thread that will so dominate the group for a
few weeks that EVERYTHING ELSE will be ignored.
\

I appreciate your opinion.
Nov 12 '05 #3

P: n/a
Steve Lefevre wrote:
Hey folks -

I'm working on an access database that I'm hoping to be able to sell
to small/medium sized business. I would like to do some trial and
demoing, but I'm worried about client's ability to undo the security
measure that I put in place. Specifically, I know that holding the
'shift' key disables all startup options on launch, so that cancels
any ability I have to shut down a time-period demo.

How have you done it?

Steve


It sounds like you've got a bit of reading to do. Download and read the
Access Security FAQ which details a bit of code you can use to stop the user
shift key bypassing the startup options.

And search the archives of this group at Google Groups for many an
interesting conversation regarding this subject.
Nov 12 '05 #4

P: n/a
Thank you Lyle, for the diversion. One question though:

You wrote ...
others' original work. I saw a website the other day which cited "their"
capability in writing a bit of tricky code that, actually, I wrote for
them.


I have the greatest respect for you and I hope I'm not the culprit, but
over the years I've picked up stuff and sometimes forget where I learned
it. In the course of writing articles, I try to recall these things to give
credit where credit is due.

At any rate, if I failed to give you (or anyone, for that matter) credit
for code I've used in posts, articles or at my web site, I apologize.
Be assured it's an oversight, not ingratitude.
--
Danny J. Lesandrini
dl*********@hotmail.com
http://amazecreations.com/datafast

Nov 12 '05 #5

P: n/a
rkc

"Steve Lefevre" <le********@osu.edu> wrote in message
news:br**********@charm.magnus.acs.ohio-state.edu...
Hey folks -

I'm working on an access database that I'm hoping to be able to sell to
small/medium sized business. I would like to do some trial and demoing, but I'm worried about client's ability to undo the security measure that I put
in place. Specifically, I know that holding the 'shift' key disables all
startup options on launch, so that cancels any ability I have to shut down a time-period demo.


Expand your horizons.
Don't use Access.
Use Jet for the database if you like.
Just don't use Access for your application.

How about Java?
Then you can sell it to Linux, Unix, Mac, etc. users as well.
Write once. Run anywhere.
That's the ticket.

Nov 12 '05 #6

P: n/a
rkc

"Lyle Fairfield" <Mi************@Invalid.Com> wrote in message
news:Xn*******************@130.133.1.4...

What about code that I've posted here?


Stored in a folder called 'LylesShit'.

At least thats where it is on my system.
Nov 12 '05 #7

P: n/a

"rkc" <rk*@yabba.dabba.do.rochester.rr.nope> wrote in message
news:Kn******************@twister.nyroc.rr.com...


Expand your horizons.
Don't use Access.
Use Jet for the database if you like.
Just don't use Access for your application.

How about Java?
Then you can sell it to Linux, Unix, Mac, etc. users as well.
Write once. Run anywhere.
That's the ticket.


Now you're talking about turning a 80-hour project into a 500-hour project.

I know Access and I can make stuff that's useable, which means sellable. I
don't know Java, and I would start off by making crappy software, and it
would take quite a long time to get to where I am now with Access.
Nov 12 '05 #8

P: n/a
Steve,
You can put a lot of effort in trying to prevent .... but,
just make sure your demo doesn't work too long ...

In your mainform:
If Date >= ExpireDate then
Msgbox "Bye, Demo has expired."
Application.Quit
End if

It's unlikely that users will change the systemdate.
If they are willing to do this, let them ...
they are not going to be a paying client IMO

--
Hope this helps
Arno R
"Steve Lefevre" <le********@osu.edu> schreef in bericht
news:br**********@charm.magnus.acs.ohio-state.edu...
Hey folks -

I'm working on an access database that I'm hoping to be able to sell to
small/medium sized business. I would like to do some trial and demoing, but
I'm worried about client's ability to undo the security measure that I put
in place. Specifically, I know that holding the 'shift' key disables all
startup options on launch, so that cancels any ability I have to shut down a
time-period demo.

How have you done it?

Steve


Nov 12 '05 #9

P: n/a
"rkc" <rk*@yabba.dabba.do.rochester.rr.nope> wrote in news:PsIDb.23101
$J*******@twister.nyroc.rr.com:

"Lyle Fairfield" <Mi************@Invalid.Com> wrote in message
news:Xn*******************@130.133.1.4...

What about code that I've posted here?


Stored in a folder called 'LylesShit'.


Well-named; I can always count on you to bring some reality to my rantings. I
value that.

--
Lyle
(for e-mail refer to http://ffdba.com/contacts.htm)
Nov 12 '05 #10

P: n/a
"Danny J. Lesandrini" <dl*********@hotmail.com> wrote in
news:br************@ID-82595.news.uni-berlin.de:
Thank you Lyle, for the diversion. One question though:

You wrote ...
others' original work. I saw a website the other day which cited
"their" capability in writing a bit of tricky code that, actually, I
wrote for them.


I have the greatest respect for you and I hope I'm not the culprit, but
over the years I've picked up stuff and sometimes forget where I learned
it. In the course of writing articles, I try to recall these things to
give credit where credit is due.

At any rate, if I failed to give you (or anyone, for that matter) credit
for code I've used in posts, articles or at my web site, I apologize.
Be assured it's an oversight, not ingratitude.


Never you.

--
Lyle
(for e-mail refer to http://ffdba.com/contacts.htm)
Nov 12 '05 #11

P: n/a

"Arno R" <ar****************@tiscali.nl> wrote in message
news:3f**********************@dreader2.news.tiscal i.nl...
Steve,
You can put a lot of effort in trying to prevent .... but,
just make sure your demo doesn't work too long ...

In your mainform:
If Date >= ExpireDate then
Msgbox "Bye, Demo has expired."
Application.Quit
End if


Isn't this easily removable by 1.holding shift to disable startup options
and 2. going into the vba editor and removing it?
Nov 12 '05 #12

P: n/a
On Tue, 16 Dec 2003 16:41:37 -0500, "nntp.service.ohio-state.edu"
<le********@osu.edu> wrote:

"Arno R" <ar****************@tiscali.nl> wrote in message
news:3f**********************@dreader2.news.tisca li.nl...
Steve,
You can put a lot of effort in trying to prevent .... but,
just make sure your demo doesn't work too long ...

In your mainform:
If Date >= ExpireDate then
Msgbox "Bye, Demo has expired."
Application.Quit
End if


Isn't this easily removable by 1.holding shift to disable startup options
and 2. going into the vba editor and removing it?

Why distribute an MDB? Just hardcode the ExpireDate in a module and
distribute an MDE.

Nov 12 '05 #13

P: n/a
There are some third-party utilities out there that claim to do this, but I
know nothing about them. I distribute as an .mde file, with security on the
backend. I limit the number of records to xx, then when they decide to pay,
I email them a license "key", which they enter into their frontend, which
unlocks their frontends for unlimited use and unlimited records. I have, so
far, allowed unlimited users although I'm considering limiting the number
.... how to do that is another story.

Tony Toews has a good bit about this at his site:

http://www.granite.ab.ca/access/demo.htm

Also, if you aren't sure how to disable the shiftkey, you are almost
certainly not ready to distribute Access apps to the general public ... not
to mean anything by this ... but there is a LOT more to remotely
distributing Access apps than copying a few files ... it is an art all in
itself!!
--
Scott McDaniel
CS Computer Software
Visual Basic - Access - Sql Server - ASP
"Steve Lefevre" <le********@osu.edu> wrote in message
news:br**********@charm.magnus.acs.ohio-state.edu...
Hey folks -

I'm working on an access database that I'm hoping to be able to sell to
small/medium sized business. I would like to do some trial and demoing, but I'm worried about client's ability to undo the security measure that I put
in place. Specifically, I know that holding the 'shift' key disables all
startup options on launch, so that cancels any ability I have to shut down a time-period demo.

How have you done it?

Steve

Nov 12 '05 #14

P: n/a
can you set up a terminal server with VPN / firewall...
and ship out a VPN client as your demo software..
and let the potential customer run the application MDE on your terminal server ?

"nntp.service.ohio-state.edu" <le********@osu.edu> wrote in message news:<br**********@charm.magnus.acs.ohio-state.edu>...
"rkc" <rk*@yabba.dabba.do.rochester.rr.nope> wrote in message
news:Kn******************@twister.nyroc.rr.com...


Expand your horizons.
Don't use Access.
Use Jet for the database if you like.
Just don't use Access for your application.

How about Java?
Then you can sell it to Linux, Unix, Mac, etc. users as well.
Write once. Run anywhere.
That's the ticket.


Now you're talking about turning a 80-hour project into a 500-hour project.

I know Access and I can make stuff that's useable, which means sellable. I
don't know Java, and I would start off by making crappy software, and it
would take quite a long time to get to where I am now with Access.

Nov 12 '05 #15

P: n/a


"Deano" <de*********@hotmail.com> wrote
It sounds like you've got a bit of reading
to do. Download and read the Access
Security FAQ which details a bit of code
you can use to stop the user shift key by-
passing the startup options.
And, if the total cost of yours and all other Access software that the
particular person wants to use is less than US$150, then you won't have to
worry about them purchasing "password recovery" software and cracking Access
security. For all its apparent complexity, Access security is rather easy to
break.
And search the archives of this group
at Google Groups for many an
interesting conversation regarding this subject.


Yes, there are some. It is, in fact, possible to implement a limited trial
that can't be cracked easily, by putting limits on the amount of data and
enforcing those limits in code, and distributing an MDE. It's not that an
MDE _could not_ be cracked; you could purchase software to crack the VB4
equivalent. Still, we haven't heard of any MDE back to source, even crummy
source, software.

But, you should understand that another reason Lyle and others of us do not
bother overly much with security schemes is that an experienced Access
developer can re-create most any Access application in a relatively short
time just from watching it used. So limiting the extent of your trial
version may work, but it really will not protect your application.

I'd say this is one of the issues that kept me from ever being very
interested in distributing Access applications as shareware or commercial
software. I've only done paying work on "bespoke systems", tailored for an
individual customer, and also given away free quite a lot of things, mostly
examples rather than complet applications.

Good luck.

Larry Linson
Microsoft Access MVP
Nov 12 '05 #16

P: n/a
Do NOT click on the URL in the above post
--
Scott McDaniel
CS Computer Software
Visual Basic - Access - Sql Server - ASP
Nov 12 '05 #17

P: n/a
1. do not rely on access security, all usernames and passwords can be
cracked

2. if the restriction is date > systemdate, yes they will change the
systemdate to try to use it for free

3. my solution was to have the app phone home and authenticate
- it allows the user 3 uses w/o authenticating
- info about usage is stored in the registry
- if they cannot write to the registry then they have to authenticate
every time
- use an encrypted MDE and in the startup routine, have code like: If
Admin then End

John Bickmore
www.BicycleCam.com
www.Feed-Zone.com

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net...
On Tue, 16 Dec 2003 16:41:37 -0500, "nntp.service.ohio-state.edu"
<le********@osu.edu> wrote:

"Arno R" <ar****************@tiscali.nl> wrote in message
news:3f**********************@dreader2.news.tisca li.nl...
Steve,
You can put a lot of effort in trying to prevent .... but,
just make sure your demo doesn't work too long ...

In your mainform:
If Date >= ExpireDate then
Msgbox "Bye, Demo has expired."
Application.Quit
End if


Isn't this easily removable by 1.holding shift to disable startup options
and 2. going into the vba editor and removing it?

Why distribute an MDB? Just hardcode the ExpireDate in a module and
distribute an MDE.

Nov 12 '05 #18

P: n/a
On Wed, 17 Dec 2003 17:00:00 GMT, "xzzy" <mr********@comcast.net>
wrote:
1. do not rely on access security, all usernames and passwords can be
cracked Well, I don't know of any experienced developers who do rely on
security beyond keeping users from shooting themselves in the foot.

2. if the restriction is date > systemdate, yes they will change the
systemdate to try to use it for free Who cares if they are going to use a crippled app? I can't imagine
anyone allowing misdated invoices or purchase orders.

3. my solution was to have the app phone home and authenticate
- it allows the user 3 uses w/o authenticating
- info about usage is stored in the registry
- if they cannot write to the registry then they have to authenticate
every time
- use an encrypted MDE and in the startup routine, have code like: If
Admin then End

Phone home? I would never even take a look at an application that had
the restrictions that you mention. Demoware or shareware no matter.

- Jim
Nov 12 '05 #19

P: n/a
"xzzy" <mr********@comcast.net> wrote in news:jY%Db.415249$ao4.1348904
@attbi_s51:
3. my solution was to have the app phone home and authenticate
- it allows the user 3 uses w/o authenticating
- info about usage is stored in the registry
- if they cannot write to the registry then they have to authenticate
every time
- use an encrypted MDE and in the startup routine, have code like: If
Admin then End


This is very sad.
Who could work like this?
Would there be any joy in life where one did?

--
Lyle
(for e-mail refer to http://ffdba.com/contacts.htm)
Nov 12 '05 #20

P: n/a
TC

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net...

(snip)
Phone home? I would never even take a look at an application that had
the restrictions that you mention. Demoware or shareware no matter.

Personally, I agree. But another reglar poster said in another group today
(I forget which), that he thinks this will happen more & more in future.
Obviously, DRM is here to stay. Since they can't protect their keys when
they are "coded in", there will surely be a push to obtain those keys at
runtime, over the net. That method, if it happens, will probably leak down
into application protection methods, in due course.

TC

Nov 12 '05 #21

P: n/a

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net...
Phone home? I would never even take a look at an application that had
the restrictions that you mention. Demoware or shareware no matter.


So, you don't use MS Offce 2k or later?
Nov 12 '05 #22

P: n/a
On Thu, 18 Dec 2003 11:10:01 -0500, "Steve Lefevre"
<le********@osu.edu> wrote:

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net.. .
Phone home? I would never even take a look at an application that had
the restrictions that you mention. Demoware or shareware no matter.


So, you don't use MS Offce 2k or later?

Only when I gotta. Few companies have the clout of MS. I noticed that
TurboTax (Symantec) dropped their online registration requirements
this year because of an uproar over it last year when they started
doing it.

I use a personal firewall to intercept and manage those issues.

It reminds me of spyware. It would be too tempting for a company to
"phone back" some sensitive information. As I recall there was/is an
issue with XP installations on medical systems because of the
potential security problems. I use XP Pro, but keep it under close
wraps - as close as I can.

I wouldn't put in a expire date. What some do is limit the records in
a key table. When it is paid for send them a front end without the
limitation.

- Jim
Nov 12 '05 #23

P: n/a
the app I wrote that phones home costs $5,000 to $8,000 a pop, depending on
the number of seats. no one has ever cared that it phones home to
authenticate

John Bickmore
www.BicycleCam.com
www.Feed-Zone.com

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net...
On Thu, 18 Dec 2003 11:10:01 -0500, "Steve Lefevre"
<le********@osu.edu> wrote:

"Jim Allensworth" <ji****@Notdatacentricsolutions.com> wrote in message
news:3f****************@news.west.earthlink.net.. .
Phone home? I would never even take a look at an application that had
the restrictions that you mention. Demoware or shareware no matter.


So, you don't use MS Offce 2k or later?

Only when I gotta. Few companies have the clout of MS. I noticed that
TurboTax (Symantec) dropped their online registration requirements
this year because of an uproar over it last year when they started
doing it.

I use a personal firewall to intercept and manage those issues.

It reminds me of spyware. It would be too tempting for a company to
"phone back" some sensitive information. As I recall there was/is an
issue with XP installations on medical systems because of the
potential security problems. I use XP Pro, but keep it under close
wraps - as close as I can.

I wouldn't put in a expire date. What some do is limit the records in
a key table. When it is paid for send them a front end without the
limitation.

- Jim

Nov 12 '05 #24

P: n/a
TC
I'll swap you my app, for your app!

TC
"xzzy" <mr********@comcast.net> wrote in message
news:GnpEb.81850$8y1.287291@attbi_s52...
the app I wrote that phones home costs $5,000 to $8,000 a pop, depending on the number of seats. (snip)

Nov 12 '05 #25

P: n/a
For me, I simply use an MDE with a coded password saved in the system
which locks out the various screens from the user. Leave a screen
accessible for them to enter the code into. It would be very difficult
to work out how to change the password to enable the system to work
longer. It has a start and end date that it works out, but again, you
could probably get around this quite easily by changing the date of
the PC (although it will show incorrectly on the accounts and
reports).

Yes, the user can hold shift and get into the design view. MDE limits
access to code. OK, so this can be worked around, but the assumption I
work to is that if someone would go to the effort of doing this and
knew what they were doing, they would probably would have had a go at
this app themselves and wouldn't need me.

If anyone asked for the code, I'd happily give out examples, but like
to put a reasonable amount of effort into stopping them.

This is all until I can make enough money to justify buying either VB
or Delphi which I would prefer to have written it in.

If one person wrote it, someone else can crack it.

Ryan
www.ryan.dial.pipex.com
Nov 12 '05 #26

This discussion thread is closed

Replies have been disabled for this discussion.