Ali Asghar Toraby Parizy wrote:
Ok, thanks
but how can i create serial number that nobody can guess it. for example
when i use sha1() every body can examine it too! and so they can create it
themselves!
what strategy is useful to protect license?
Ahh, so you are trying to protect your PHP code with a license key?
If so, then here are my thoughts on it.
- Don't bother encrypting the license key too much. Your code will be
available as source code so it will be possible to circumvent any
protection/limitation.
- Even file validation like creating md5suma of files is nothing but
headache because some FTP servers and clients will modify the source by
adjusting the end of line characters (binary upload prevents this).
- I have noticed that most customers will not mess with the scripts
since they want support from you. Remove all comments from the source
and the end of line characters to prevent the hobby tinkerer from
causing problems.
- The problem with people messing with the code is that they usually
don't start a support request with "I changed something and now feature
X does not work..." but rather with "All the sudden feature X stopped
working....".
- People who have the goal to circumvent your license code will do so
regardless of protection and will see sophisticated protection as a
challenge. So I don't bother with encryption of the information since
implementing something secure will usually mean that it will get in the
way of honest customers. Look at computer games, it is a prime example
of copy protection interfering with honest customers by causing problems.
All I do is generate a license code which contains a string (name or
customer id) and configuration values. The license code can be decoded
via a function and validated.
So I turn the string
AsgharToraby100C into this=> 0B50B-50B54-MSDD2-OMPDD-OMI33
Here 100C is the license value, the customer has a 100 client access
license. The key has built in , very basic, validation bits to validate
the key as a whole.
The script can decode the license key via a function to retrieve the max
authenticated user (100) before allowing new logins.
The string part can be decoded as well but capitalization is lost.
Here are a few license code functions I wrote many years ago. Maybe
something like this will work/is what you are looking for.
... well actually ... I just looked at the code, I wrote it about 6
years, and I am bit embarrassed of how I handled a few things :)
But the code is solid, it has been in use since then and I have not
noticed any problems :)
So let me know if this sounds like something you are looking for and
would like to see and I will cleanup the code for you.
--
John
Intelligent Life
http://xkcd.com/638/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
