Solved

Read a text file in password protected directory on website

Posted on 2004-08-17
5
204 Views
Last Modified: 2013-11-18

I am looking to implement upgraded security for some of my shareware applications.   I want my application to be able to search a text file for the entered serial, and then take appropriate action.  

There are 2 steps to this problem.

1) how can my application access the text file in a password protected directory on my website.

2) how can my application read the information in that text file on my website.
Would I use the same protocol to read the text file as I would if the file was on my HDD ?

Any assistance appreciated.




0
Comment
Question by:delphinewbie
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:Tyrsis
ID: 11827865
Hello,

This seems odd.  You want the application to connect to a web site, download a text file containing good serial numbers, and then check to see if the serial number entered by the application is good?  This isn't very secure.   Unless I misunderstand what you are asking?

A better method would be to have a validation web page.  The application connects to the web page, and sends it serial number, and then the web server itself validates the serial number and returns whether it is good or bad.  The application should never be the one checking validity.  Or if you can, setup an authentication server and bypass the web completely.  Have the application connect to the auth server, have the app send the serial to the auth server, and have the auth server tell the app whether it is good or bad, then have the application take steps after that.

Though maybe I just misunderstood what you are asking, in that case, just ignore this :)

Tyrsis
0
 
LVL 1

Author Comment

by:delphinewbie
ID: 11827905
My plan was
1) User enters serial number
2) EXE interogates text file in password protect directory - file not downloaded.
3) if serial found then all is well.

I understand what you are suggesting:
EXE enters data into web page
page interogates data file (using perl)
returns true or false.
This I can do, but how do i pass the value true or false back to the EXE?
0
 
LVL 3

Accepted Solution

by:
Tyrsis earned 125 total points
ID: 11827939
The problem is that using the web, all files are "downloaded".  Even if you don't save the file to disk, it still exists and is transferred, so if someone wants to figure out a good serial , all they have to do is snoop TCP traffic to find one of your good serial numbers, since you are sending the text file full of serials over TCP back to the application.  The best method would be to use perl or whatever scripting language of your choice.  Have the application connect to the web server and send the serial it entered.  Use the URL for this, something like http://your.web.page.com/checkserial?serial=<serialentered>.  In this example, checkserial is the server side script that actually checks the serial.  It then sends back something simple like TRUE and FALSE as a web page.  Just a single word.  The application reads the TRUE or FALSE on the web page and then takes action depending on that.  

Now, as to how to read web pages?  Well there are many methods.  Depending on what version of Delphi you are using, it may have Indy included, which is a good component for this.  Or you should check www.torry.net and download a free web component.  Also a component suite named ICS has a web component in it, and ICS is free as well which can be found at http://www.overbyte.be/frame_index.html.

Tyrsis  
0
 
LVL 2

Expert Comment

by:Molando
ID: 11828764
Not after the points, but I would not reply with a true or false, I would respond with  a code based on the serial number (any simple formula). On the page responce, read the text out and see if the number returned with the reverse of the formula is the same as the serial sent.

If you are going with indy, use an idHTTP, do not go with a TWebbrowser, as that wil eat up 14 megs of memory when the program is running.
0
 
LVL 1

Author Comment

by:delphinewbie
ID: 11829675
Got it working.

I am using IP works!  component to read the html page.
I still need to o a lot of work to bullet proof the EXE and test for internet connection, but the application can now read the required text file via the cgi script.

Molando - understand what you are saying, but the web is not the primary registration tool.  I am  using third party software to manage registrations.  My objective is to only allow the user to register the application once, without resorting to a hardware fingerprint.

My idea is:

1) User registers and receives serial number.
2) Serial number is also added to database via automatic script or manually.
3) When serial is entered application searches database and if serial number is found, registration is OK.
4) If serial number was found and registration is succesful it is then deleted.   This ensures only one copy of the software can be licensed using a single serial number.
5) If internet connection is not available then I can bypass web checking and use a hardware fingerprint.

All registration attempts are currently reported to me via a similar process, and the biggest dollar loss is through multiple regisitrations from the same user using the same serial number.  I try and keep the price low, to encourage purchases, so am a little frustrated when I lose sales this way.

This will hopefully prevent lost sales, without the need to increase the software price.


0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

There are two main kinds of selectors in CSS: One is base selector like h1, h2, body, table or any existing HTML tags.  For instance, the following rule sets all paragraphs (<p> elements) to red: (CODE) CSS also allows us to define our own custom …
I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now