Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Read a text file in password protected directory on website

Posted on 2004-08-17
Medium Priority
Last Modified: 2013-11-18

I am looking to implement upgraded security for some of my shareware applications.   I want my application to be able to search a text file for the entered serial, and then take appropriate action.  

There are 2 steps to this problem.

1) how can my application access the text file in a password protected directory on my website.

2) how can my application read the information in that text file on my website.
Would I use the same protocol to read the text file as I would if the file was on my HDD ?

Any assistance appreciated.

Question by:delphinewbie
  • 2
  • 2

Expert Comment

ID: 11827865

This seems odd.  You want the application to connect to a web site, download a text file containing good serial numbers, and then check to see if the serial number entered by the application is good?  This isn't very secure.   Unless I misunderstand what you are asking?

A better method would be to have a validation web page.  The application connects to the web page, and sends it serial number, and then the web server itself validates the serial number and returns whether it is good or bad.  The application should never be the one checking validity.  Or if you can, setup an authentication server and bypass the web completely.  Have the application connect to the auth server, have the app send the serial to the auth server, and have the auth server tell the app whether it is good or bad, then have the application take steps after that.

Though maybe I just misunderstood what you are asking, in that case, just ignore this :)


Author Comment

ID: 11827905
My plan was
1) User enters serial number
2) EXE interogates text file in password protect directory - file not downloaded.
3) if serial found then all is well.

I understand what you are suggesting:
EXE enters data into web page
page interogates data file (using perl)
returns true or false.
This I can do, but how do i pass the value true or false back to the EXE?

Accepted Solution

Tyrsis earned 500 total points
ID: 11827939
The problem is that using the web, all files are "downloaded".  Even if you don't save the file to disk, it still exists and is transferred, so if someone wants to figure out a good serial , all they have to do is snoop TCP traffic to find one of your good serial numbers, since you are sending the text file full of serials over TCP back to the application.  The best method would be to use perl or whatever scripting language of your choice.  Have the application connect to the web server and send the serial it entered.  Use the URL for this, something like http://your.web.page.com/checkserial?serial=<serialentered>.  In this example, checkserial is the server side script that actually checks the serial.  It then sends back something simple like TRUE and FALSE as a web page.  Just a single word.  The application reads the TRUE or FALSE on the web page and then takes action depending on that.  

Now, as to how to read web pages?  Well there are many methods.  Depending on what version of Delphi you are using, it may have Indy included, which is a good component for this.  Or you should check www.torry.net and download a free web component.  Also a component suite named ICS has a web component in it, and ICS is free as well which can be found at http://www.overbyte.be/frame_index.html.


Expert Comment

ID: 11828764
Not after the points, but I would not reply with a true or false, I would respond with  a code based on the serial number (any simple formula). On the page responce, read the text out and see if the number returned with the reverse of the formula is the same as the serial sent.

If you are going with indy, use an idHTTP, do not go with a TWebbrowser, as that wil eat up 14 megs of memory when the program is running.

Author Comment

ID: 11829675
Got it working.

I am using IP works!  component to read the html page.
I still need to o a lot of work to bullet proof the EXE and test for internet connection, but the application can now read the required text file via the cgi script.

Molando - understand what you are saying, but the web is not the primary registration tool.  I am  using third party software to manage registrations.  My objective is to only allow the user to register the application once, without resorting to a hardware fingerprint.

My idea is:

1) User registers and receives serial number.
2) Serial number is also added to database via automatic script or manually.
3) When serial is entered application searches database and if serial number is found, registration is OK.
4) If serial number was found and registration is succesful it is then deleted.   This ensures only one copy of the software can be licensed using a single serial number.
5) If internet connection is not available then I can bypass web checking and use a hardware fingerprint.

All registration attempts are currently reported to me via a similar process, and the biggest dollar loss is through multiple regisitrations from the same user using the same serial number.  I try and keep the price low, to encourage purchases, so am a little frustrated when I lose sales this way.

This will hopefully prevent lost sales, without the need to increase the software price.


Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question