Hello,
I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?
Thanks
10  3917 
Math enlightened us with: But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo
version which expires after some period of time...
Fair enough. What do you want to know from us?
Is this the right place to ask or does anybody know where to look
for more on the subject?
You never asked anything ;-)
Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
mmmhhh..UHUH??!!@#
OKAY Sybren..
How does one get the job done?
---------- Math enlightened us with: But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo
version which expires after some period of time...
Fair enough. What do you want to know from us?
Is this the right place to ask or does anybody know where to look
for more on the subject?
You never asked anything ;-)
Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
--
http://mail.python.org/mailman/listinfo/python-list
Hi,
A suggestion:
I would use encryption (ex: AES):
Hide a secret key in your code and generate an encrypted (readable: ex 07 7B
6F ....) version of the correct info (such as full release, or demo expire
in ...) with that very same key.
Have your software input that encrypted info (some GUI dialog box), decypher
the info then act accordingly.
The trick is: where to store that ? I would use some binary data file
(encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious
tampering.
Hope that helps,
Philippe
Math wrote: Hello,
I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?
Thanks
Math wrote: Hello,
I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo version
which expires after some period of time...
Is this the right place to ask or does anybody know where to look for
more on the subject?
Thanks
One thing I tried some time ago:
I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.
To encrypt the function, I saved the bytecode of the target function to
a file. Then, in the version to be shipped, I substituted the encrypted
version of bytecode for the original bytecode. The rest of the program
(including the part that asks for the authentication information) works
fine. If the authentication passes, the encrypted function(s) are
decrypted. Normally the encrypted functions are never executed of
course (if authentication fails, the user is notified). If a hacker
bypasses the authentication test, the program will crash when the
program attempts to executed the encypted bytecode.
How to determine the key depends on your application. You may choose to
include hardware serial numbers, for example.
- Ken
Ken Seehart wrote: Math wrote: Hello,
I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.
That's a really good idea. I have a couple more questions, if you don't
mind: I am going to distribute an app using py2exe. Is it reasonably
easy to apply this technique to bytecode stored inside the library.zip
file, or should I just include the encrypted Python files as separate
files?
Second, I hear that in general it is very difficult to make a
time-limited demo, because the code has to be all there, so all a
cracker has to do is bypass the "if". It seems that even this method
won't work for that. Do you know of any way to make time limiting
secure?
Thanks.
--
Want to play tabletop RPGs online?
Check out RPZen: http://koboldsoft.com
Dave Mandelin wrote: Ken Seehart wrote: Math wrote: Hello, I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.
That's a really good idea. I have a couple more questions, if you don't
mind: I am going to distribute an app using py2exe. Is it reasonably
easy to apply this technique to bytecode stored inside the library.zip
file, or should I just include the encrypted Python files as separate
files?
Second, I hear that in general it is very difficult to make a
time-limited demo, because the code has to be all there, so all a
cracker has to do is bypass the "if". It seems that even this method
won't work for that. Do you know of any way to make time limiting
secure?
If an attacker is determined to 'decompile' your application then it
will be possible.
Although decompiling python byte-code (even from py2exe wrapped
programs) is easy, it's probably a less practised art than breaking C
code. (Although I guess such dissasembly is usually done on an
assembler level).
The obvious way to make it more secure is to include several checks.
Unless you are going to be writing a program used by tens of thousands
of users, it is likely that it is not worth the effort of the hackers
to bother.
I'd release the early versions using simple protection mechanisms, and
develop your protectionas your userbase grows.
Again - there are commercial tools available that will handle this for
you, if you want a higher degree of protectoin (although by no means
infallible) immediately.
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
Thanks.
--
Want to play tabletop RPGs online?
Check out RPZen: http://koboldsoft.com
On Mon, 03 Apr 2006 19:29:14 +0200, Math wrote: Hello,
I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?
Is your application really such a gee-whiz super-duper
can't-live-without-it program that your users will put up with all the
inconvenience and hassle, not to mention loss of privacy, of having to
register? Or will they just dump your program when the demo stops working?
It seems to me that the hardest problem for any new application is getting
people to use it: most users won't ever find out about it; of those who
do most won't care about it; of those who care, most can't be bothered
downloading and installing it; and of those who might have, most will
probably know of an alternative that does the job as well or better, or at
least that they are more familiar with.
So every little barrier you put up to make it more difficult for users to
use your application, the greater the chances that your application
disappears into obscurity.
Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation. What are the odds that Vista will have it?
--
Steven.
Steven D'Aprano wrote: Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation.
Microsoft has been using product activation in it's office software for
a while now, before Windows XP in fact.
What are the odds that Vista will have it?
About 100%.
On the other hand, the original poster is no Microsoft. He, as you
said, should seriously consider whether requiring his software to be
registered is going to be worth the effort.
Ross Ridge
On Tue, 04 Apr 2006 12:02:24 -0700, Ross Ridge wrote: Steven D'Aprano wrote: Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation.
Microsoft has been using product activation in it's office software for
a while now, before Windows XP in fact.
You're right, Office has Product Activation as well as Windows, that was
my error.
However, consider how easy Microsoft make it to avoid Product Activation:
if you purchase volume licences, and by volume I mean five licences or
more, you don't have to use PA. I know plenty of people who have activated
their version of Windows; I don't know anyone, home user or corporate, who
has needed to activate their version of Office. It is so easy to legally
avoid PA on Office that I wasn't even aware you needed to do so -- and
let's not even talk about illegal installations.
Presumably there are a few SMEs and home users who have had to do PA on
their Office installs, but as a percentage, I'd be very surprised if it
was more than a tiny minority. What are the odds that Vista will have it?
About 100%.
Considering that you can hardly walk into a university, school or
corporation without finding Windows or Office supplied without PA, would
you care to revise that number?
(That's a rhetorical question, by the way.)
--
Steven.
Steven D'Aprano wrote: What are the odds that Vista will have it?
Ross Ridge wrote; About 100%.
Steven D'Aprano wrote: Considering that you can hardly walk into a university, school or
corporation without finding Windows or Office supplied without PA, would
you care to revise that number?
No. Windows Vista is certain have product activation, just like
Windows XP does. The fact that volume licence users of Vista won't be
required to use product activatation, just like volume licence users of
XP, doesn't make it any less certain.
Ross Ridge This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: JaNE |
last post by:
Hello, I have made my cms... and is working, but have some, let me say
"bugs"... And I don't know all reasons, please allow me slightly longer
and most probably confusing post (that "confusing" is...
|
by: Ashok K Kumar |
last post by:
Hi,
I have a ATL Attributed DLL which exposes a COM Component. My requirement
is, whenever, the DLL is registered, I also would like to add some entries to
the HKLM/Softwares/CompanyName........
|
by: somespam |
last post by:
Hi
Can anyone recommend methods or articles on creating a "registration" system for a web-based application
I.e
Application gets installed on a web domain e.g. www.hello.com, the user accesses...
|
by: news |
last post by:
I just upgraded to PHP 4.4.2 on my Slackware 10.2 system. And
Apache/mySQL/PHP all work great through a browser. No errors.
But when I try to run a PHP script through the command line, which I...
|
by: Wayne Smith |
last post by:
I've taken the following code from a developers web site which should allow
a user to register and receive an email message with a link to activate
their account, but when I click the link on my...
|
by: delusion7 |
last post by:
Trying to create a table and insert records from a webform and I keep getting this message:
"Successfully created the registration table.
Unable to execute the query.
Error code...
|
by: JT |
last post by:
Hi,
I would like opinions on a shareware issue. If shareware uses an
online database to hold registration codes, which get copied locally
and therefore only needs to check online if the...
|
by: satishknight |
last post by:
Hi,
Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it...
|
by: nirav11 |
last post by:
# include <iostream>
# include <fstream>
# include <iomanip>
# include <cstdlib> // needed for exit ()
using namespace std;
int main()
{
ifstream inFile;
ofstream outFile;
|
by: happyse27 |
last post by:
Hi All,
In perl script(item b below) where we check if html registration form are filled in properly without blank with the necessary fields, how to prompt users that the field are incomplete...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |
