Alternative application security schema via web verification

"MLH" <CR**@NorthState.net> wrote in message
news:m4********************************@4ax.com...

Have any of you experimented with an Access 97 app running on
a web-enabled PC toward the objective of having the remote PC
running your application 'check-in' with your web server to ensure
it is an authorized installation - that it is not something installed
by a software pirate?

Basically the remote client polls your server(s) saying "Hey, I wanna
run today" and the first running server it hits attempts to
authenticate it and either grants or denies permish. Just checking.
Wanna know if this is a reliable model.

I couldn't say about anyone else, but for me it'd be a reliable way to have
me immediately return the application and demand a refund. I do 'way too
much work on my notebook, not connected to the Web to put up with that kind
of nonsense. I can't avoid programs that require "activation", but at least
those don't require a web connection whenever they are run.

Larry Linson
Microsoft Access MVP

"Larry Linson" <bo*****@localhost.not> wrote in
news:Qbjxe.5220$mr4.1483@trnddc05:

"MLH" <CR**@NorthState.net> wrote in message
news:m4********************************@4ax.com...

Have any of you experimented with an Access 97 app running on
a web-enabled PC toward the objective of having the remote PC
running your application 'check-in' with your web server to
ensure it is an authorized installation - that it is not
something installed by a software pirate?

Basically the remote client polls your server(s) saying "Hey, I
wanna run today" and the first running server it hits attempts to
authenticate it and either grants or denies permish. Just
checking. Wanna know if this is a reliable model.

I couldn't say about anyone else, but for me it'd be a reliable
way to have me immediately return the application and demand a
refund. I do 'way too much work on my notebook, not connected to
the Web to put up with that kind of nonsense. I can't avoid
programs that require "activation", but at least those don't
require a web connection whenever they are run.

All sorts of apps attempt to phone home on my machine, but I have my
software firewall to block all outgoing (and incoming) connections
that have not been allowed by explicit rules I've already set up.

This means that your app would fail.

And I'd want my money back.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

Point well taken. And, as always Larry, a point well made. This app
is an app that users buy so they can automatically retrieve specific
information from websites and save in their tables. Fact is, it has
little purpose in any off-line setting. My model would be to hit just
another website to check "Hey, am I legal?" whilst hitting dozens
of others in the course of business.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx

I couldn't say about anyone else, but for me it'd be a reliable way to have
me immediately return the application and demand a refund. I do 'way too
much work on my notebook, not connected to the Web to put up with that kind
of nonsense. I can't avoid programs that require "activation", but at least
those don't require a web connection whenever they are run.

Larry Linson
Microsoft Access MVP

Hey, believe me. I feel like you guys. But fortunately for me, my
customers won't be inconvenienced. Part of the minimum system
requirements (like free diskspace rqd, memory, pentium + processor,
etc) include 24x7 unobstructed access to I'net. Customers are told
so in advance and have an opportunity to weigh this drawback agains
the program benefits. Its a very small niche of customers. I haven't
had anyone complain. All are permanent, stationary office computer
installations - no laptops. Most are dedicated to the single
application, unused for routine office apps.

No gripes so far. And for that, I am grateful.

So back to the point, would the "phone home" model be easily
implemented in A97?

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

All sorts of apps attempt to phone home on my machine, but I have my
software firewall to block all outgoing (and incoming) connections
that have not been allowed by explicit rules I've already set up.

This means that your app would fail.

And I'd want my money back.

MLH wrote:

Hey, believe me. I feel like you guys. But fortunately for me, my
customers won't be inconvenienced. Part of the minimum system
requirements (like free diskspace rqd, memory, pentium + processor,
etc) include 24x7 unobstructed access to I'net. Customers are told
so in advance and have an opportunity to weigh this drawback agains
the program benefits. Its a very small niche of customers. I haven't
had anyone complain. All are permanent, stationary office computer
installations - no laptops. Most are dedicated to the single
application, unused for routine office apps.

No gripes so far. And for that, I am grateful.

So back to the point, would the "phone home" model be easily
implemented in A97?

If you have a web service that could respond to an HTTP request then yes, at the
Access end it's pretty easy to send an HTTP request and process the response. I
do this with the MSXML DLL found on most any Windows machine since IE 4 has been
out.
--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com

<snip>
Thanks much. I'll look into that.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

If you have a web service that could respond to an HTTP request then yes, at the
Access end it's pretty easy to send an HTTP request and process the response. I
do this with the MSXML DLL found on most any Windows machine since IE 4 has been
out.

MLH <CR**@NorthState.net> wrote in
news:qr********************************@4ax.com:

[Rick Brandt:]

If you have a web service that could respond to an HTTP request
then yes, at the Access end it's pretty easy to send an HTTP
request and process the response. I do this with the MSXML DLL
found on most any Windows machine since IE 4 has been out.

Thanks much. I'll look into that.

No matter how you implemented it, I wouldn't let any of my clients
run your program, because there is no way to know what you're
sending to your website.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

I can't blame you for that. One can never be
too safe when it comes to security.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

No matter how you implemented it, I wouldn't let any of my clients
run your program, because there is no way to know what you're
sending to your website.