passwords for selling your software

herbwords · Post by **herbwords** » Mon Feb 25, 2008 10:29 pm

Has anyone noticed or put information out about setting up your software with passes for protection on software you've written and want to sell?
I'm wondering specifically about the process the major players are using?
Your customer makes a purchase, you e-mail them a password, they input the password, their computer goes online and verifies that the password is a true password and unlocks the software. This process being done anyone else trying to use the same pass will be told by the verifying server that the password has already been used. Please correct me if I'm wrong on this process but again my question is: Has anyone shown how to do this?

Thanks,

herbwords

Mark · Post by **Mark** » Mon Feb 25, 2008 10:58 pm

Hi Herbie,

Yes, I did that. It is a bit complicated but can be done by an experienced programmer.

It doesn't make sense to send someone a password and then have the person send that password to your server. Usually, a password is connected to personal data. So, you encrypt the personal data and store that on the server. The software encrypts the personal data and compares that with the data on the server. If it matches, the software has been registered succesfully.

The problem is that this is never completely failsafe and home phoning is never appreciated by customers. I would sriously consider simple alternatives and use an on-line registration system only if it is absolutely necessary.

Best,

Mark

herbwords · Post by **herbwords** » Tue Feb 26, 2008 5:49 am

Thanks Mark.

I should have put the server checks to see if it's an unused password instead of a true password. So what would you consider simple alternatives?

herbwords

Mark · Post by **Mark** » Tue Feb 26, 2008 1:59 pm

Hi Herbwords,

A simple alternative is to send the user a license key, which is generated from the user's name. If name and license key match, the software has been registered successfully and can be used normally. Otherwise, it should run in demo mode.

You would have a license generator + database, possibly automated. The software should have a built-in but hidden license generator, which can check whether the license entered by the user is correct or not. Obviously, f the license is correct, the software should run normally and in demo mode otherwise.

Note that eventually all license protection mechanisms boil down to a function that returns false or true. It doesn't matter whether you have a simple or compex license system, eventually there is always a function that returns a simple boolean.

Do you have an on-line registration system already?

Best,

Mark

herbwords · Post by **herbwords** » Wed Feb 27, 2008 8:58 pm

Hi Mark,

No I don't have an online registration service. That's what I think I'm actually trying to find out how to do. I wrote a program and had an experienced Rev programmer set me up a password scheme that would generate a pass based on the purchaser's name that I would e-mail to them. The problem is they give the password to anyone with their name and anyone has access. So I figure an online registration service will only allow one registration. Is this true? And if so can you do this or tell me what I need to do it. If it requires and experienced programmer what is the cost?

Thanks,

Patrick

Mark · Post by **Mark** » Wed Feb 27, 2008 9:39 pm

Hi Patrick,

An on-line registration system might allow just one registration, depending on how you handle it and which information you store. Yes, you could simply have a password and not allow the registration if the password is used already.

The problem with this is that you also need an administration system to be able to add or reset passwords and you will have additional work giving support to your customers.

I believe that on-line registration is overkill for software priced at less than a few 100 dollars. If your product costs more than that, or if you have a particular reason to want extra security, it might be worth it.

Another possibility is to embed a MAC address in the license key, but that requires the user to send you that information somehow before you send the license key to them.

Perhaps you want to ask the experienced Rev coder you worked with before about the possibilties. If not, feel free to contact me. My e-mail address can be found in my profile.

Best,

Mark