Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Read a text file in password protected directory on website

Posted on 2004-08-17
5
208 Views
Last Modified: 2013-11-18

I am looking to implement upgraded security for some of my shareware applications.   I want my application to be able to search a text file for the entered serial, and then take appropriate action.  

There are 2 steps to this problem.

1) how can my application access the text file in a password protected directory on my website.

2) how can my application read the information in that text file on my website.
Would I use the same protocol to read the text file as I would if the file was on my HDD ?

Any assistance appreciated.




0
Comment
Question by:delphinewbie
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:Tyrsis
ID: 11827865
Hello,

This seems odd.  You want the application to connect to a web site, download a text file containing good serial numbers, and then check to see if the serial number entered by the application is good?  This isn't very secure.   Unless I misunderstand what you are asking?

A better method would be to have a validation web page.  The application connects to the web page, and sends it serial number, and then the web server itself validates the serial number and returns whether it is good or bad.  The application should never be the one checking validity.  Or if you can, setup an authentication server and bypass the web completely.  Have the application connect to the auth server, have the app send the serial to the auth server, and have the auth server tell the app whether it is good or bad, then have the application take steps after that.

Though maybe I just misunderstood what you are asking, in that case, just ignore this :)

Tyrsis
0
 
LVL 1

Author Comment

by:delphinewbie
ID: 11827905
My plan was
1) User enters serial number
2) EXE interogates text file in password protect directory - file not downloaded.
3) if serial found then all is well.

I understand what you are suggesting:
EXE enters data into web page
page interogates data file (using perl)
returns true or false.
This I can do, but how do i pass the value true or false back to the EXE?
0
 
LVL 3

Accepted Solution

by:
Tyrsis earned 125 total points
ID: 11827939
The problem is that using the web, all files are "downloaded".  Even if you don't save the file to disk, it still exists and is transferred, so if someone wants to figure out a good serial , all they have to do is snoop TCP traffic to find one of your good serial numbers, since you are sending the text file full of serials over TCP back to the application.  The best method would be to use perl or whatever scripting language of your choice.  Have the application connect to the web server and send the serial it entered.  Use the URL for this, something like http://your.web.page.com/checkserial?serial=<serialentered>.  In this example, checkserial is the server side script that actually checks the serial.  It then sends back something simple like TRUE and FALSE as a web page.  Just a single word.  The application reads the TRUE or FALSE on the web page and then takes action depending on that.  

Now, as to how to read web pages?  Well there are many methods.  Depending on what version of Delphi you are using, it may have Indy included, which is a good component for this.  Or you should check www.torry.net and download a free web component.  Also a component suite named ICS has a web component in it, and ICS is free as well which can be found at http://www.overbyte.be/frame_index.html.

Tyrsis  
0
 
LVL 2

Expert Comment

by:Molando
ID: 11828764
Not after the points, but I would not reply with a true or false, I would respond with  a code based on the serial number (any simple formula). On the page responce, read the text out and see if the number returned with the reverse of the formula is the same as the serial sent.

If you are going with indy, use an idHTTP, do not go with a TWebbrowser, as that wil eat up 14 megs of memory when the program is running.
0
 
LVL 1

Author Comment

by:delphinewbie
ID: 11829675
Got it working.

I am using IP works!  component to read the html page.
I still need to o a lot of work to bullet proof the EXE and test for internet connection, but the application can now read the required text file via the cgi script.

Molando - understand what you are saying, but the web is not the primary registration tool.  I am  using third party software to manage registrations.  My objective is to only allow the user to register the application once, without resorting to a hardware fingerprint.

My idea is:

1) User registers and receives serial number.
2) Serial number is also added to database via automatic script or manually.
3) When serial is entered application searches database and if serial number is found, registration is OK.
4) If serial number was found and registration is succesful it is then deleted.   This ensures only one copy of the software can be licensed using a single serial number.
5) If internet connection is not available then I can bypass web checking and use a hardware fingerprint.

All registration attempts are currently reported to me via a similar process, and the biggest dollar loss is through multiple regisitrations from the same user using the same serial number.  I try and keep the price low, to encourage purchases, so am a little frustrated when I lose sales this way.

This will hopefully prevent lost sales, without the need to increase the software price.


0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SP to delete duplicates 15 72
Fixed div within Bootstrap carousel item 11 61
JAudiorecorder record freezing the app 29 74
Grunt Copy file to another destination. 1 56
Preface In the first article: A Better Website Login System (http://www.experts-exchange.com/A_2902.html) I introduced the EE Collaborative Login System and its intended purpose. In this article I will discuss some of the design consideratio…
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question