I need to create a registration class (or framework, or whatever) that is implemented into the software we create and sell to clients. I am looking for some ideas on how it will work.
My initial idea was to have the client-side piece in the software itself and have it communicate with a MySQL server on our website that contains the registration info, but I thought that might be a little too insecure, with only a password that could be reverse engineered out of the software.
Anyone know of any Java APIs that already do something like this, or have any ideas of how to build a framework like this?
You're right that a client app should not contact your DB directly; that's a major security no-no. You could go through an HTTP proxy on your site, but the communication (which can be observed in traffic) should give away nothing that can be used to guess information used by other clients. Also, with everything you do, keep in mind that Java apps can be decompiled and the security features patched out. It's not trivial to do, but won't put up unsurmountable obstacles to a determined attacker. So whatever measures you put in place may be circumvented by some people.
JMX isn't meant for managing remote client applications on machines; it would anyway have to make TCP/IP connections from afar, which generally isn't going to work.
keytool is meant for managing encryption keys and certificates, not for application keys; I'd go with a database for storing user and license information.
TrueLicense is an open source solution to some (or maybe all?) of the associated problems (not to decompilation, though).
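
Added illustration (not code from this thread, and not the TrueLicense API): one way to avoid shipping a password that can be reverse engineered is to have the vendor sign each license and ship only the public key in the application. The class name and the license fields are hypothetical, and the key pair is generated inline only so the demo runs on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class LicenseCheckDemo {

    // Vendor side (server only): sign the license text with the private key.
    static String issue(String payload, PrivateKey vendorKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendorKey);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "|" + Base64.getEncoder().encodeToString(s.sign());
    }

    // Client side: the application contains only the public key, so
    // decompiling it reveals nothing that lets someone mint new licenses.
    static boolean verify(String license, PublicKey vendorPub) {
        int cut = license.lastIndexOf('|');
        if (cut < 0) return false; // no signature part at all
        try {
            byte[] sig = Base64.getDecoder().decode(license.substring(cut + 1));
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(vendorPub);
            s.update(license.substring(0, cut).getBytes(StandardCharsets.UTF_8));
            return s.verify(sig);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed Base64 or signature: treat as unlicensed
        }
    }

    public static void main(String[] args) throws Exception {
        // Demo only: a real vendor key pair is created once and the
        // private half never leaves the vendor's server.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();

        // Constructed sample license text.
        String license = issue("customer=ACME Ltd;product=demo-app;expires=2030-12-31",
                               vendor.getPrivate());
        System.out.println("genuine license valid:  " + verify(license, vendor.getPublic()));

        // Editing any field invalidates the signature.
        String tampered = license.replace("2030", "2099");
        System.out.println("tampered license valid: " + verify(tampered, vendor.getPublic()));
    }
}
```

The signature only prevents forged or edited licenses; as noted above, a decompiled client can still have the `verify` call patched out.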
posted 11 years ago
TrueLicense looks like exactly what I am looking for. Thanks for all the good info!