Diese Seite mit anderen teilen ...

Informationen zum Thema:
Forum:
WinDev Forum
Beiträge im Thema:
16
Erster Beitrag:
vor 4 Jahren, 7 Monaten
Letzter Beitrag:
vor 4 Jahren, 7 Monaten
Beteiligte Autoren:
Charles U. Schneiter, Tor-Bjarne, GuenterP, Yogi Yang, Bart VDE

[WD18]Receiving Initial Key - Sending Activation Key

Startbeitrag von Charles U. Schneiter am 04.12.2013 14:44

Hi Folks,

Question re best practices:

From a WinDev application (not WebDev) I would like my customers to send me an InitialKey (crypted, etc..) by clicking a button which sends this InitialKey over to me, which I then convert into an ActivationKey, which is then sent back to the customer, which she/he can then enter into a given field on a window, for further comparison and processing e.g. creating a licence file (the whole shebang is nicely explained in Glenn Rathke's excellent 'Getting up to Speed' manual, the chapter about locking down an app, for those familiar with the manual..).

How would you send data (text strings, actually) back and forth without having to rely on the presence of an E-Mail Client (it's a POS application, whose terminals do have connectivity to the internet, but no e-mail functionality)?

Or do you employ some other means of effecting this?

Thanks for your time and thoughts, much appreciated!

Antworten:

Hi Charles,

I would write the data in a text-file and send/receive it from a ftp-server.

Regards,
Bart

von Bart VDE - am 04.12.2013 15:29
Hi Charles,

be aware of the fact, that WinDev's keys are not hardware dependant!!
http://doc.pcsoft.fr/en-US/?1000018998&name=functions_for_managing_the_activation_keys&q=key

Means, if the customer copies the whole thing somehow from one cash register to the next ... there's no problem except you chose to make the business somewhat 'interesting'. However, what to do if the hardware breaks and need arises to have an immediate change of hardware? Our solution for POS-machines had been dongles and still is.

von GuenterP - am 04.12.2013 16:23
@ Bart: Thanks for this. I will check out WD's functions for FTP transfers. This solution would imply that I would have to set up an FTP-Server on my web space, OK? [Haven't really any experience with that...]

Quote
GuenterP
...
be aware of the fact, that WinDev's keys are not hardware dependant!! ...


Thanks, Gunter for this - I completely agree.

I haven't though given all of the specific details of the saveguards built into this functionality as published and adapted from Glenn's manual, mentioned above:

- It's bound to a specific harddisk's s/n and encrypted into the InitialKey.
- It's bound to a specific program version (low- mid- and high-end).
- Everything is crypted with a Saltphrase.
- It's Demo-Version is proofed against setting back the system clock.
- Same if I should go for a subscription based licensing scheme (a subject of its own I fear ;) )
- The ActivationKey is - of course - crypted as well and in no way traceable to the InitialKey.

So, basically, if someone's harddisk fails, he/she will have to re-activate the product. No big deal, if there is a sufficiently elegant solution to pass forth the keys.

von Charles U. Schneiter - am 04.12.2013 16:59
We have never implemented this in WD but in the software we have developed in VB6 and Delphi what we do is get the customer to SMS the Key which is keep short (12 hex characters) so it is easier to SMS without errors. Here our software will generate a Key which is based on the HDD Firmware number of the user computer and software's version. So this way we know if the user is installing the software on more than one PC and trying to get them unlocked.

I have built a software that is responsible to generate Unlock Key from the information received through SMS. This software is always running on a PC which has a GSM modem attached to it. The software will only send Unlock Key if the SMS received is from a phone number registered in the database and the sender should have been the owner of the software he/she wants to unlock.

Had to do this because we have released 8 software and happen to have a clientele base of around 2300.

von Yogi Yang - am 05.12.2013 04:21
Quote
GuenterP
Our solution for POS-machines had been dongles and still is.
Can you share as to which Dongles you are using? Just curious to know.

von Yogi Yang - am 05.12.2013 04:24
Hi,
1 - for a long time we used Rockey 2 USB-dongles and still do for our POS software. Dongles are the best protection devices though there is a USB-port used, which is not so well-received by customers. But it's a flexible thing especially when customers have to use their computers at unusual times, e.g. during night and weekends and want to change over to another computer / cash register if a machine breaks down. So, there must be a way to move over to other hardware and continue operation without our intervention. Only a dongle gives that flexibility. But: you cannot buy dongles by the piece, there's always a minimum order quantity.

2 - every USB-memory stick has a unique seial number! On top of this rather simple insight, we managed to build a protection system using standard USB-memory sticks. I'm not going to publish our own protection system in order to give a good starting point to the bad boys. However, I managed to mak a stored procedure which gets dongle info from the server and allows/limits connection of a defined number of workstations. There is a single user protection too, which enables a program to work with a connected USB-Memory stick (the licence file sits on the dongle and contains the dongle's serial number in encrypted form). So, basically, you just have to check whether the decrypted serial number is equal to the actual serial number of the dongle.

3 - If you don't care for how many stations are connected to a server or on how many single computers your program is running - as long as it is a certain company which is using it then just have a license file which contains the customer name / short address plus a check sum. Of course, the customer's name / address have to appear on as many reports (invoices, delivery slips, listings whatever ..) and windows as possible. Without that file the program would work in demo mode and display that information while limiting certain parameters of the program. We are using this one for smaller programs, usually sold to small companies.

von GuenterP - am 05.12.2013 06:06
@ Guenter: Thanks for your input!
Quote
GuenterP
1 - for a long time we used Rockey 2 USB-dongles and still do for our POS software. ......But: you cannot buy dongles by the piece, there's always a minimum order quantity..


As you wrote, that would be a very efficient solution - were it not for the minimum order quantity of 100pcs here ..
That's roughly USD 1'000.- which - financialwise - is not practical for us. :sneg:

@ All: Has anybody here some guiding steps to implement an FTP-based solution in WD to get me on the right tracks?

Thanks @ all and have a nice weekend!

von Charles U. Schneiter - am 06.12.2013 14:28
Hi,

Just curious - but why dont you use a webservice for this, automating the whole licence routine. ?

1. Pos-PC sends a key to the webserver. (perhaps after using his login supplied by you)
2. Webserver validates the expiry date, serialnum on his HD or whatever. And send a new expiry (say 3 month ahead) crypted.

Now - since the licence info is on a server you can lock-down the app (If no montly payments is received) just by not updating the Expiry date field.

Cheers
Tor-Bjarne

von Tor-Bjarne - am 06.12.2013 17:36
Quote
Tor-Bjarne
....
Just curious - but why dont you use a webservice for this, automating the whole licence routine. ?
....
/quote]

Hi again Tor-Bjarne,

... because I don't know anything about it - yet :eek:

Thanks for the tip - most appreciated! I will catch up and go read about it.


von Charles U. Schneiter - am 07.12.2013 09:57
Hi,

For me, Webservice looked difficult at first glance, but are "dead easy" in win/webdev.

1. On the webdev site, a webservice is just a global procedure for example like:

Procedure GetLicence(iUsername,iPassWord,iWhatever)
RetVal_Variable is string
//DO something
result RetVal_Variable


The "easy to implement and use" webservices can only return 1 value (ie like: result RetVal_Variable)

But you only need to pack a string value say: RetValVar = expirydate + "|" + licencestring + "|", then use extractstring(field1,1,"|" etc. to retrive each field on the PC side.

Then crypt it and send it back (with Result Retval_Variable).

2. When making the webservice a "WDL" file is automatic created, (and this is a cool feature of WinDev) this file you import direct into WinDev using the path from WebDev (WebDev gives you 2 links after distributing your webservice, the first the test link, the second the WDL File link).

If you right click on to "Webservices" in the "Project Explorer" a wizard ask for the WDL Link supplied from WebDev.

3. After import the "GetLicence" is defined as a function in WinDev (In Visual studio it`s more hassle I`ve been told) and can be called as any other procedure as:

My_String is string = GetLicence(OutUsername,Outpassword,"123")

That`s it :)

Cheers
Tor-Bjarne

von Tor-Bjarne - am 07.12.2013 13:27
Hi Tor-Bjarne,

Many thanks for this! :cheers:

I will digest it and see what I can do with it.

Most appreciated!

von Charles U. Schneiter - am 08.12.2013 12:48
Hi Folks,

I've been catching up on WebServices a little.
From what I gather, to use WebServices, I would have to buy an WD Application Server (EUR 300.--) , right?
For our situation, that seems not to be too costworthy, considered that I only need this functionality to transmit licensing data.
Or do I miss something here?

What I basically want to do is letting the customer send an initial key to me, I then transform this into an activation key and send it back to the customer.

From what I can see (not much I confess :eek: ) an FTP or RPC up-/download connection would serve me just fine.
What would you guys recommend - resp. which one would you choose: FTP or RPC? I don't have much knowledge regardig these aspexts, am afraid...

Thanks for your input on this!

von Charles U. Schneiter - am 11.12.2013 08:15
Hi Charles,

there's a free Application Server included on your WinDev DVD! The free version allows for a maximum of 10 Connections which, as it seems to me, is ok for a licensing scheme.

See: ftp://ftp3.pcsoft.com/wx18_63c/us/webdev/

von GuenterP - am 11.12.2013 08:26
Hi,

Also you can write your own webservice in WinDev that works with IIS 7 - But then it get a bit more complicated again :)

Cheers
Tor-Bjarne

von Tor-Bjarne - am 11.12.2013 10:08
Hi Folks,

@ Guenter: Thanks for the info! I didn't know that. 10 (concurrent) users are more than enough for me - I don't think, that my app will sell by the thousands - ummmm... or does it ??? :drink:

@ Tor-Bjarne: Life is complicated :-) I will delve into WebServices now and see what comes out of it.

Thanks guys for your help!

von Charles U. Schneiter - am 12.12.2013 10:04
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.