[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EasyLanguage verfying DLL identity



PureBytes Links

Trading Reference Links

Hello,

Suppose for a potential client I wanted to implement a license system
to protect EasyLanguage code.  (I'm aware of a philosophical divide
between those who think this is a good idea and those who don't like
licensing systems or would only use a system if they could see the
source; I won't go down that path).

In the architecture I've envisioned I would use a tool to generate
the key(s) and send them to the client.  The keys would be encrypted
in some form to prevent easily breaking the license system by hacking
the keys.  (I'm aware of the idea of embedding license codes in the
ELS code but am thinking of rejecting that due to the desire to not
have to recompile and export the code for each individual user.  It's
not too big of a problem for a small # of users but becomes a real
pain as the client base grows).

The client would use a tool which would let them apply the key (most
likely saving to the Registry).

When the EasyLanguage code ran it would use a DLL to check it's
licensing.  The DLL would get the key, decrypt it and return a result
signifying if the component should be allowed to run, or not.

The problem I see is that the ELS code has no means by which to
verify and trust the DLL.  Regardless of the strength of the key
encryption a clever programmer could simply subvert the system by
creating an impostor DLL which always grants access.

Figuring there's not much new under the sun I suspect the problem has
been faced and solved in another domain.  If so, any pointers or
suggestions would be appreciated.

Regards,
Brendan
---
Brendan B. Boerner
brendan@xxxxxxxxxxxxxx
Karakhorum Ventures, Inc.
www.Karakhorum.com