License Key?

Is there a generic scheme for licensing? We would like to include a sort of licensing key with our product based on the domain it is used on. I know that just encrypting the page which checks the key can be easily circumvented, so is there an alternative way? Idealy, we produce a key for a client, the input it into the application and it unlocks or provides unlimited features. Anyone have ideas on how this has been done? Cedric

Seems like public/private key encryption would work for you. Generate a key pair for use with your application and include the public key with your application distribution. You can then encrypt the domain with your private key and verify it from your application with the public key. That should give you all the security you need. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ 888-408-0900 x901 > Is there a generic scheme for licensing? We would like to include a sort > of > licensing key with our product based on the domain it is used on. I know > that just encrypting the page which checks the key can be easily > circumvented, so is there an alternative way? Idealy, we produce a key for ----- Excess quoted text cut - see Original Post for more -----

At 02:23 PM 12/3/2002, you wrote: >That should give you all the security you need. Considering that someone can always just do a find/replace and comment out any place that checks the key, this really isn't much protection.

Well obviously you would need to make sure the code that checks the key can't be modified. In other words, you can't use CFML to check the key. I suggest you hide some critical piece of code that the application depends on along with the key check and then compile that into a CFX. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ 888-408-0900 x901 > At 02:23 PM 12/3/2002, you wrote: > >That should give you all the security you need. > > Considering that someone can always just do a find/replace and comment out ----- Excess quoted text cut - see Original Post for more -----

> Well obviously you would need to make sure the code that checks the key > can't be modified. In other words, you can't use CFML to check the key. > I suggest you hide some critical piece of code that the application > depends on along with the key check and then compile that into a CFX. Which prevents your app from being installed on most shared hosting servers. Not that this should necessarily be a concern -- if it's for a trial, the person receiving the key should hopefully be installing it on a local machine even if it means using the CF Server developer edition on their workstation. If the software is reasonably inexpensive, there are liable to be some customers who'll want to install it on a shared server because they need several people to access it from different locations in order to evaluate it and they don't have the cash for a dedicated server. Just my 2c. s. isaac dealey                954-776-0046 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

So if making a CFX is not the way to go, then what is? Cedric ----- Excess quoted text cut - see Original Post for more ----- servers. > Not that this should necessarily be a concern -- if it's for a trial, the > person receiving the key should hopefully be installing it on a local > machine even if it means using the CF Server developer edition on their > workstation. If the software is reasonably inexpensive, there are liable to > be some customers who'll want to install it on a shared server because they ----- Excess quoted text cut - see Original Post for more -----

Web service? -- Mosh Teitelbaum evoch, LLC Tel: (301) 625-9191 Fax: (301) 933-3651 Email: mosh.teitelbaum@evoch.com WWW: http://www.evoch.com/ ----- Excess quoted text cut - see Original Post for more -----

If you're just making a call to validate the license, then that can be commented out.  If you put substantial functionality in a web service simply to get it out of ColdFusion, then you're taking a performance hit without real justification. At 04:02 PM 12/3/2002, you wrote: ----- Excess quoted text cut - see Original Post for more -----

Write to MM and ask for the ability to distribute class files without the CFM source code.  This feature was supposed to be in CFMX (announced at DevCon 2001) but didn't make it. http://www.macromedia.com/support/email/wishform/?6213=3 (fyi--you'd still need CFMX server to provide runtime services, just don't need compile on demand or cfm source files). If you're in a shared host and can't use CFX or Java Class, then your SOL.  If you can use CFX or Java Class, then go with one of those--but remember, as Matt said, you can't just put the license check inside the Java code, you have to also put something substantial to the app so people can't just comment out the cfx call. At 12:44 PM 12/3/2002, you wrote: ----- Excess quoted text cut - see Original Post for more -----

BTW, BlueDragon allows you to distribute secured CFML source code. Matt Liotta President & CEO Montara Software, Inc. http://www.montarasoftware.com/ 888-408-0900 x901 > Write to MM and ask for the ability to distribute class files without the > CFM source code.  This feature was supposed to be in CFMX (announced at > DevCon 2001) but didn't make it. > > http://www.macromedia.com/support/email/wishform/?6213=3 > > (fyi--you'd still need CFMX server to provide runtime services, just don't > need compile on demand or cfm source files). > > If you're in a shared host and can't use CFX or Java Class, then your > SOL.  If you can use CFX or Java Class, then go with one of those--but > remember, as Matt said, you can't just put the license check inside the > Java code, you have to also put something substantial to the app so people ----- Excess quoted text cut - see Original Post for more ----- the > key > > > > can't be modified. In other words, you can't use CFML to check the > key. > > > > I suggest you hide some critical piece of code that the application ----- Excess quoted text cut - see Original Post for more ----- hosting > >servers. > > > Not that this should necessarily be a concern -- if it's for a trial, > the > > > person receiving the key should hopefully be installing it on a local ----- Excess quoted text cut - see Original Post for more ----- because > >they > > > need several people to access it from different locations in order to ----- Excess quoted text cut - see Original Post for more -----