|
First, seems to me there are serious privacy implications here. This would probably require that you totally open up your communications protocol to ensure to users that you are not sending private data back. Just look at how much some people freak out over cookies.
Second, you would drive IT admins nuts. Besides the added bandwidth of the communications that is required, some admins watch their traffic very carefully and want to know what each an every port and message is for. All it would take would be one admin to see that the traffic was carrying a serial number and you would be shut down quick.
Third, this method is not really well suited for any disconnected users (laptop users that work offline) so you would have to consider them.
I go by the rule that the 'harder' a products security is the 'harder' someone will be willing to work to break it. Put in just enough to keep an honest man honest and take care of the rest through support agreements.
Paul Watson wrote:
"At the end of the day it is what you produce that counts, not how many doctorates you have on the wall."
George Carlin wrote:
"Don't sweat the petty things, and don't pet the sweaty things."
Jörgen Sigvardsson wrote:
If the physicists find a universal theory describing the laws of universe, I'm sure the a**hole constant will be an integral part of that theory.
|
|
|
|
|
thanks, some good points there,
I should mention that the app I'm writing is like an ide for web developers, so offline it's no good anyway.
But besides, I'm not talking about the app *requiring* a net connection to work. I'm talking about something more passive. So, when you run it, it checks to see if you're online, and if you are, it rolls some dice, and then decides to send the http get request (and doesn't even listen for response). Not only would the request be incredibly small- we're talking like the size of this sentence, its just the key I'd be sending, but it would also be infrequent. So, as for the "added bandwidth" I mean this codeproject.com page you're looking at is as big as like 400 of those little requests, which would only get sent like once a week per user. See what I mean?
The communication protocol would just be HTTP. And as for IT admins watching packets- it would just be an HTTP request, not an open port on the user's machine or something. In fact, I could even send it though an IE webbrowser control. A serial number is like A23S-SWE12-FW42, which essentially looks just like a session argument- you know like amazon.com/a/something.cgi?s=S42G2-GR445D or something.
Not that I'd be sneaky tho- it'd be right there in the user agreement.
Like I say it can be cracked, sure. But if you download some pirated software you have to count on the cracker to have done a perfect job, it's a question of you trusting the anonymous, shady cracker out there, which I don't think most people will do. I mean, I sure wouldn't.
thanks
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
This might be ok, perhaps if you only did it when the user was going online to upload thier files to the web server or something like that.
The funny thing about people is that they like thier privacy. Even if you put this statement in the license agreement they might not like it. Hell, they might not even read it.
I would be as open and as upfront about it as I can. I would make them sign a separate privacy statement that spells this out in black and white, and I woul dmake sure that the software would run WITHOUT it unless you are aready to make sure that they always have a clear shot to your servers over the internet at all times. If you don't do this be ready for the customers to come back and require that you sign an SLA to provide them 5 9's of uptime on your end.
Paul Watson wrote:
"At the end of the day it is what you produce that counts, not how many doctorates you have on the wall."
George Carlin wrote:
"Don't sweat the petty things, and don't pet the sweaty things."
Jörgen Sigvardsson wrote:
If the physicists find a universal theory describing the laws of universe, I'm sure the a**hole constant will be an integral part of that theory.
|
|
|
|
|
A. Some do. I don't recall what software does it, but I know I have seen some software that has done it.
B. Some people wouldn't like their IP address being sent out (even if encrypted).
C. How would that help really? People's IP address may change (every time if still on a modem). How could you correlate it?
Just some more random thoughts to consider at least. 
There are only 10 types of people in this world....those that understand binary, and those that do not.
|
|
|
|
|
Yea, some good points,
I should mention that the app I'm writing is a web development IDE, so it's using the web already. Fundamentally, your IP goes out no matter what you do on the web, (unless you're behind a proxy). I mean if people send their IP to me when they come to my web site, why can't they send it to me when they're using my app, right? (Right now codeproject.com has our IP's oh no!)
And no I can't correlate it (unless I had the ISP's assistance) but don't you think that would deterr some people from using the cracked version? Maybe not experts like you but regular folks.
thanks much
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
Intuit, the folks who make TurboTax tried something similar, but combined it with a fairly invasive DRM protection scheme. The "activation" portion functioned similarly to that of Windows Product Activation, however the DRM portion wrote to the boot sector of the hard drive.
The result? Mass customer backlash which finally led to the company removing DRM from future versions of the product.
I understand the need to protect your intellectual property, but it should implemented in a consumer-friendly way. Ya know?
|
|
|
|
|
Yep I'm with you. In fact, last year I stopped using turbotax and switched to TaxCut because of that when i did my taxes.
But I mean, you understand what I'm talking about isn't like crazy invasive like that right! I'm not talking about like boot sector raping! I explained it better here http://www.codeproject.com/script/comments/forums.asp?msg=508895&forumid=1649#xx508895xx
thanks
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
A. Lots of apps do it prime example virtual girl.
B. What is this about protecting your IP, cant see how you could apart from spoofing and this sends an IP, just someone else's. If you want to use the internet an IP is needed somwhere along the line, and it always goes across in the request header. The IP is the simplest thing to find out and there is now way to stop it unless all you use the internet for is email.
C. Agreed, can't just use IP number because of DHCP.
He who laughs last thinks slowest.
|
|
|
|
|
What if I have two machines, say one at home and one at my vacation home (yeah right like I would own two houses) and I use only one at a time, so its not multiple users, then I get screwed for piracy, even though I am not copying and giving out the software to unauthorized users. Actually I am notr sure what pricay laws say about that.
|
|
|
|
|
Yea my license agreement says you can install on two machines provided you only use one at a time (that's kind of standard or at least common). So you're not screwed there.
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
I use AdMuncher[^] with IP scramble option.
From that site:
Privacy concerns can be addressed also. Ad Muncher includes options to remove identifying fields from page requests, preventing web page owners from tracking where you came from or which browser you’re using. The IP Scramble feature also allows you to hide where you are connected from; it instead bounces web page requests off dozens of anonymous proxy servers sequentially, keeping your address hidden and cached requests scattered.
Don't ![Beer | [beer]](https://www.codeproject.com/script/Forums/Images/beer.gif) and drive.
|
|
|
|
|
It is really going to depend on many factors. One version I have pondered on using should I release an application to the general public again, is to use a "battery" type system. (Oppps.. Better run on patent it so that I can wait five years and hit people up for fees  )
With the it will simply force the person to "charge" the registration battery when they sign up. This makes a full battery in the program and will function normally until the battery runs out. When it gets low it will have in icon that appears somewhere which if they click on will charge it back up. If it continues to get lower it will start blinking. When the battery is almost died, it will start a popup each time you run the application informing them it needs charged. When it batter dies the program dies until recharged.
This both allows off-line use but with regulation. There would also be an option to keep the battery charged any time there is a network connection thus eliminating any user intervention.
I would also give each installation a unique ID and allow (x) installs per purchase. When they are charging the system, it will pass that ID to the server that will verify they are a legal user. If not, or the number of times it is charged (if you allow two machines then in a battery time span it would allow two recharges), if more charges have been used than allowed or it is an invalid code it would not charge.
All this is a simple way to protect software. BUT (yes there is always one of those), if you are writing an application in C#, unless you have a very good scrambler, some smart person will just decompile your program and diconnect the battery.
This is one of the reasons companies like Microsoft are now trying to force everyone into a hardware key so that hacked version can be detected. I have one rule when it comes to copy protection, "If man created, man can break it". You can never make an application safe you can only keep honest people honest.
Another way to cut down on piracy is to put out lots of updates. If a hacked version it detected in an update, they program no longer works.
Rocky Moore <><
|
|
|
|
|
Bog wrote:
Hey I was wondering- why don't software developers (desktop software) not just make the desktop application communicate with a web site every now and then, sending the user's IP address and registration key? That way if someone installed a pirated copy, the company would know. I never see any companies do that. Is there like a law against that or something? (As long as it's in the license agreement of course..)
Let's suppose it's legal for a moment.
What if my ISP uses dynamic IPs, like DHCP? How would you distinguish multiple pirate users x one user copy with dynamic IP?
Ok, suppose that you don't use the IP to identify the user, you use the MAC Address of the network card, and suppose it has not been tampered. Suppose everything is just right.
What would you do? How will you make the user register the software?
Send him a scary letter? How will you physically locate the pirate guys, without spending lots of money on the court?
Spend some thousand dollars on lawyers to recover a few bucks on a shareware proggie?
Hire some bad guys with guns and dogs to break the pirate's house and destroy his computer? (I admit it, this is appealing.)
Kant wrote:
Actually she replied back to me "You shouldn't fix the bug. You should kill it"
|
|
|
|
|
Look I'm not talking about whips and chains level security. All I'm saying is, it's a psycological thing. If you're a computer programmer you know better, but most people aren't. Most people when they find out that the app communicates with my site will think twice about using a cracked copy.
And by the way if a user's ip is dynamic, the isp can still find out which user was on that ip at that time from their logs. But that's not even what I'm proposing. I'm only talking about psychological effect. I'm not even talking about actually suing people. I'm not talking about this as a 100% secure solution to software piracy. I'm sure you're aware there is no 100% secure solution. All we poor programmers are left to do is to try our best and do what we can.
It's like if I proposed using a padlock and a fence to protect my driveway and you say "What if people just use wire cutters?" Does that mean my driveway is no more secure with a fence than without? It's not binary, buddy, it's not "secure or insecure", it's "more secure or less secure".
Besides, it doesn't take much time to code. It's like an 8 minute job.
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
just a test
"Outside of a dog, a book is Man’s best friend. And inside of a dog, it’s too dark to read."
-Groucho Marx
|
|
|
|
|
I am having some difficulty adding a member to a directory group
object that has 1,000 or more members already in it. For
example, if I have a group object with 1,300 existing
members in it, and I attempt to add another member, my
list of members is truncated to 1,001. Since I am using a
Windows 2000 directory server, I assume it's related to
the 1,000 per page issue. It works just fine if there are less
than 1,000 members in the group.
Here is the code I am using to add the member:
*****************BEGIN CODE********************
string AdsPath
= "LDAP://CN=GroupObject,DC=DomainA,DC=CorpA,DC=COM";
// bind
DirectoryEntry de = new DirectoryEntry(AdsPath);
// add member
de.Properties["member"].Add("CN=user,DC=DomainA,DC=CorpA,DC=com");
// commit
de.CommitChanges();
de.Close()
******************END CODE********************
Thanks in advance for your help. 
|
|
|
|
|
Is it possible to save the Data of a DataTable DefaultView to a XML File? I mean I want to save the Content of the DataView, not the Structure of the DataTable to XML. Is there a Methode?
Thanks
Stefan
|
|
|
|
|
I've tried to use the crystal reports with .NET .
There was a message to register. I've filled in the codes which were accepted.
Afterward using Crystal Reports was not possible: Message was "Invalid key". I've search everything but didn't find a place where to refill these codes. So where can I reenter or change this codes?
Thanks
Stefan
|
|
|
|
|
These two sites should help you. Quickly though you need to look into the merge module properties. If you dont know what that means, below is your answer:
http://support.crystaldecisions.com/library/kbase/articles/c2013175.asp
http://support.crystaldecisions.com/communityCS/TechnicalPapers/crnet_deployment.pdf
|
|
|
|
|
|
When deploying your project, you should add some components to your project, and for one of them, you should select it and look in properties window, there is (as I remember) a licence key property, that can be filled with one that you can see in about screen of your installed .Net environment.
I hope this helps!
Regards
Don't forget, that's <font color="blue">" Persian Gulf "</font> not Arabian gulf!
|
|
|
|
|
Thank you all for your answers!
Your answers are focused on Application Deployment but I want to use Crystal Reports in .NET while developing the project (otherwise I couldn't set the enviroment for the Crystal Report).
I just wanted to know how I can change the registration key for the project I'm on now. Is this not possible? Is it really need to make a deploying project?
The situation now is that when I "Add New Item", Crystal Report, a message comes up "Invalid Key". Then I can't do anything in the report. The Crystal Report worked before I've entered the registration key, so I think I misstyped it and want now to recheck and reenter this code.
Please answer this.
Stefan
|
|
|
|
|
I'm using an academic version of C#. I tried to use System.Web,
but Web is not in the dropdown.
I'm running on a Windows 2000 server.
I've installed Server patch #3
I've installed ASP 1.1
I've done a full install of Visual Studio.Net.
I can't seem to find the class template for System.Web.
Does anyone have an idea of what I might have done wrong.
Appreciate any help!
Tom
|
|
|
|
|
In your project:
Project-> AddReference
On the Tav .NET find and select System.Web.dll
Press OK.
|
|
|
|
|
I’ve got a treeview control on a windows form and the treeview is already populated. Is their a way to traverse through the tree looking for a node with certain text, then remove that node when the matched node with the text is found? I’m passing in the string text of the node I want to delete from another form, the tree is located on the parent form.
The tree looks like this. I want to delete Smith when it's passed in from the other form.
Employee
Johnson
Smith
Employee Location
Boston
Seattle
If this is possible any help would be greatly appreciated.
The code below won’t work since I don’t want to select the node manually.
TreeNode tn = treeView1.SelectedNode;
treeView1.Nodes.Remove(tn);
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
