By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,921 Members | 1,442 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,921 IT Pros & Developers. It's quick & easy.

Alternative application security schema via web verification

P: n/a
MLH
Have any of you experimented with an Access 97 app running on
a web-enabled PC toward the objective of having the remote PC
running your application 'check-in' with your web server to ensure
it is an authorized installation - that it is not something installed
by a software pirate?

Basically the remote client polls your server(s) saying "Hey, I wanna
run today" and the first running server it hits attempts to
authenticate it and either grants or denies permish. Just checking.
Wanna know if this is a reliable model.
Nov 13 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a

"MLH" <CR**@NorthState.net> wrote in message
news:m4********************************@4ax.com...
Have any of you experimented with an Access 97 app running on
a web-enabled PC toward the objective of having the remote PC
running your application 'check-in' with your web server to ensure
it is an authorized installation - that it is not something installed
by a software pirate?

Basically the remote client polls your server(s) saying "Hey, I wanna
run today" and the first running server it hits attempts to
authenticate it and either grants or denies permish. Just checking.
Wanna know if this is a reliable model.


I couldn't say about anyone else, but for me it'd be a reliable way to have
me immediately return the application and demand a refund. I do 'way too
much work on my notebook, not connected to the Web to put up with that kind
of nonsense. I can't avoid programs that require "activation", but at least
those don't require a web connection whenever they are run.

Larry Linson
Microsoft Access MVP
Nov 13 '05 #2

P: n/a
"Larry Linson" <bo*****@localhost.not> wrote in
news:Qbjxe.5220$mr4.1483@trnddc05:
"MLH" <CR**@NorthState.net> wrote in message
news:m4********************************@4ax.com...
Have any of you experimented with an Access 97 app running on
a web-enabled PC toward the objective of having the remote PC
running your application 'check-in' with your web server to
ensure it is an authorized installation - that it is not
something installed by a software pirate?

Basically the remote client polls your server(s) saying "Hey, I
wanna run today" and the first running server it hits attempts to
authenticate it and either grants or denies permish. Just
checking. Wanna know if this is a reliable model.


I couldn't say about anyone else, but for me it'd be a reliable
way to have me immediately return the application and demand a
refund. I do 'way too much work on my notebook, not connected to
the Web to put up with that kind of nonsense. I can't avoid
programs that require "activation", but at least those don't
require a web connection whenever they are run.


All sorts of apps attempt to phone home on my machine, but I have my
software firewall to block all outgoing (and incoming) connections
that have not been allowed by explicit rules I've already set up.

This means that your app would fail.

And I'd want my money back.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #3

P: n/a
MLH
Point well taken. And, as always Larry, a point well made. This app
is an app that users buy so they can automatically retrieve specific
information from websites and save in their tables. Fact is, it has
little purpose in any off-line setting. My model would be to hit just
another website to check "Hey, am I legal?" whilst hitting dozens
of others in the course of business.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx

I couldn't say about anyone else, but for me it'd be a reliable way to have
me immediately return the application and demand a refund. I do 'way too
much work on my notebook, not connected to the Web to put up with that kind
of nonsense. I can't avoid programs that require "activation", but at least
those don't require a web connection whenever they are run.

Larry Linson
Microsoft Access MVP


Nov 13 '05 #4

P: n/a
MLH
Hey, believe me. I feel like you guys. But fortunately for me, my
customers won't be inconvenienced. Part of the minimum system
requirements (like free diskspace rqd, memory, pentium + processor,
etc) include 24x7 unobstructed access to I'net. Customers are told
so in advance and have an opportunity to weigh this drawback agains
the program benefits. Its a very small niche of customers. I haven't
had anyone complain. All are permanent, stationary office computer
installations - no laptops. Most are dedicated to the single
application, unused for routine office apps.

No gripes so far. And for that, I am grateful.

So back to the point, would the "phone home" model be easily
implemented in A97?

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

All sorts of apps attempt to phone home on my machine, but I have my
software firewall to block all outgoing (and incoming) connections
that have not been allowed by explicit rules I've already set up.

This means that your app would fail.

And I'd want my money back.


Nov 13 '05 #5

P: n/a
MLH wrote:
Hey, believe me. I feel like you guys. But fortunately for me, my
customers won't be inconvenienced. Part of the minimum system
requirements (like free diskspace rqd, memory, pentium + processor,
etc) include 24x7 unobstructed access to I'net. Customers are told
so in advance and have an opportunity to weigh this drawback agains
the program benefits. Its a very small niche of customers. I haven't
had anyone complain. All are permanent, stationary office computer
installations - no laptops. Most are dedicated to the single
application, unused for routine office apps.

No gripes so far. And for that, I am grateful.

So back to the point, would the "phone home" model be easily
implemented in A97?


If you have a web service that could respond to an HTTP request then yes, at the
Access end it's pretty easy to send an HTTP request and process the response. I
do this with the MSXML DLL found on most any Windows machine since IE 4 has been
out.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com
Nov 13 '05 #6

P: n/a
MLH
<snip>
Thanks much. I'll look into that.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

If you have a web service that could respond to an HTTP request then yes, at the
Access end it's pretty easy to send an HTTP request and process the response. I
do this with the MSXML DLL found on most any Windows machine since IE 4 has been
out.


Nov 13 '05 #7

P: n/a
MLH <CR**@NorthState.net> wrote in
news:qr********************************@4ax.com:

[Rick Brandt:]
If you have a web service that could respond to an HTTP request
then yes, at the Access end it's pretty easy to send an HTTP
request and process the response. I do this with the MSXML DLL
found on most any Windows machine since IE 4 has been out.


Thanks much. I'll look into that.


No matter how you implemented it, I wouldn't let any of my clients
run your program, because there is no way to know what you're
sending to your website.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #8

P: n/a
MLH
I can't blame you for that. One can never be
too safe when it comes to security.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
No matter how you implemented it, I wouldn't let any of my clients
run your program, because there is no way to know what you're
sending to your website.


Nov 13 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.