[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Read a text file in password protected directory on website

Posted on 2004-08-17
Medium Priority
Last Modified: 2013-11-18

I am looking to implement upgraded security for some of my shareware applications.   I want my application to be able to search a text file for the entered serial, and then take appropriate action.  

There are 2 steps to this problem.

1) how can my application access the text file in a password protected directory on my website.

2) how can my application read the information in that text file on my website.
Would I use the same protocol to read the text file as I would if the file was on my HDD ?

Any assistance appreciated.

Question by:delphinewbie
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 11827865

This seems odd.  You want the application to connect to a web site, download a text file containing good serial numbers, and then check to see if the serial number entered by the application is good?  This isn't very secure.   Unless I misunderstand what you are asking?

A better method would be to have a validation web page.  The application connects to the web page, and sends it serial number, and then the web server itself validates the serial number and returns whether it is good or bad.  The application should never be the one checking validity.  Or if you can, setup an authentication server and bypass the web completely.  Have the application connect to the auth server, have the app send the serial to the auth server, and have the auth server tell the app whether it is good or bad, then have the application take steps after that.

Though maybe I just misunderstood what you are asking, in that case, just ignore this :)


Author Comment

ID: 11827905
My plan was
1) User enters serial number
2) EXE interogates text file in password protect directory - file not downloaded.
3) if serial found then all is well.

I understand what you are suggesting:
EXE enters data into web page
page interogates data file (using perl)
returns true or false.
This I can do, but how do i pass the value true or false back to the EXE?

Accepted Solution

Tyrsis earned 500 total points
ID: 11827939
The problem is that using the web, all files are "downloaded".  Even if you don't save the file to disk, it still exists and is transferred, so if someone wants to figure out a good serial , all they have to do is snoop TCP traffic to find one of your good serial numbers, since you are sending the text file full of serials over TCP back to the application.  The best method would be to use perl or whatever scripting language of your choice.  Have the application connect to the web server and send the serial it entered.  Use the URL for this, something like http://your.web.page.com/checkserial?serial=<serialentered>.  In this example, checkserial is the server side script that actually checks the serial.  It then sends back something simple like TRUE and FALSE as a web page.  Just a single word.  The application reads the TRUE or FALSE on the web page and then takes action depending on that.  

Now, as to how to read web pages?  Well there are many methods.  Depending on what version of Delphi you are using, it may have Indy included, which is a good component for this.  Or you should check www.torry.net and download a free web component.  Also a component suite named ICS has a web component in it, and ICS is free as well which can be found at http://www.overbyte.be/frame_index.html.


Expert Comment

ID: 11828764
Not after the points, but I would not reply with a true or false, I would respond with  a code based on the serial number (any simple formula). On the page responce, read the text out and see if the number returned with the reverse of the formula is the same as the serial sent.

If you are going with indy, use an idHTTP, do not go with a TWebbrowser, as that wil eat up 14 megs of memory when the program is running.

Author Comment

ID: 11829675
Got it working.

I am using IP works!  component to read the html page.
I still need to o a lot of work to bullet proof the EXE and test for internet connection, but the application can now read the required text file via the cgi script.

Molando - understand what you are saying, but the web is not the primary registration tool.  I am  using third party software to manage registrations.  My objective is to only allow the user to register the application once, without resorting to a hardware fingerprint.

My idea is:

1) User registers and receives serial number.
2) Serial number is also added to database via automatic script or manually.
3) When serial is entered application searches database and if serial number is found, registration is OK.
4) If serial number was found and registration is succesful it is then deleted.   This ensures only one copy of the software can be licensed using a single serial number.
5) If internet connection is not available then I can bypass web checking and use a hardware fingerprint.

All registration attempts are currently reported to me via a similar process, and the biggest dollar loss is through multiple regisitrations from the same user using the same serial number.  I try and keep the price low, to encourage purchases, so am a little frustrated when I lose sales this way.

This will hopefully prevent lost sales, without the need to increase the software price.


Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface In the first article: A Better Website Login System (http://www.experts-exchange.com/A_2902.html) I introduced the EE Collaborative Login System and its intended purpose. In this article I will discuss some of the design consideratio…
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question