Read a text file in password protected directory on website

I am looking to implement upgraded security for some of my shareware applications.   I want my application to be able to search a text file for the entered serial, and then take appropriate action.  

There are 2 steps to this problem.

1) how can my application access the text file in a password protected directory on my website.

2) how can my application read the information in that text file on my website.
Would I use the same protocol to read the text file as I would if the file was on my HDD ?

Any assistance appreciated.

Who is Participating?
TyrsisConnect With a Mentor Commented:
The problem is that using the web, all files are "downloaded".  Even if you don't save the file to disk, it still exists and is transferred, so if someone wants to figure out a good serial , all they have to do is snoop TCP traffic to find one of your good serial numbers, since you are sending the text file full of serials over TCP back to the application.  The best method would be to use perl or whatever scripting language of your choice.  Have the application connect to the web server and send the serial it entered.  Use the URL for this, something like<serialentered>.  In this example, checkserial is the server side script that actually checks the serial.  It then sends back something simple like TRUE and FALSE as a web page.  Just a single word.  The application reads the TRUE or FALSE on the web page and then takes action depending on that.  

Now, as to how to read web pages?  Well there are many methods.  Depending on what version of Delphi you are using, it may have Indy included, which is a good component for this.  Or you should check and download a free web component.  Also a component suite named ICS has a web component in it, and ICS is free as well which can be found at


This seems odd.  You want the application to connect to a web site, download a text file containing good serial numbers, and then check to see if the serial number entered by the application is good?  This isn't very secure.   Unless I misunderstand what you are asking?

A better method would be to have a validation web page.  The application connects to the web page, and sends it serial number, and then the web server itself validates the serial number and returns whether it is good or bad.  The application should never be the one checking validity.  Or if you can, setup an authentication server and bypass the web completely.  Have the application connect to the auth server, have the app send the serial to the auth server, and have the auth server tell the app whether it is good or bad, then have the application take steps after that.

Though maybe I just misunderstood what you are asking, in that case, just ignore this :)

delphinewbieAuthor Commented:
My plan was
1) User enters serial number
2) EXE interogates text file in password protect directory - file not downloaded.
3) if serial found then all is well.

I understand what you are suggesting:
EXE enters data into web page
page interogates data file (using perl)
returns true or false.
This I can do, but how do i pass the value true or false back to the EXE?
Not after the points, but I would not reply with a true or false, I would respond with  a code based on the serial number (any simple formula). On the page responce, read the text out and see if the number returned with the reverse of the formula is the same as the serial sent.

If you are going with indy, use an idHTTP, do not go with a TWebbrowser, as that wil eat up 14 megs of memory when the program is running.
delphinewbieAuthor Commented:
Got it working.

I am using IP works!  component to read the html page.
I still need to o a lot of work to bullet proof the EXE and test for internet connection, but the application can now read the required text file via the cgi script.

Molando - understand what you are saying, but the web is not the primary registration tool.  I am  using third party software to manage registrations.  My objective is to only allow the user to register the application once, without resorting to a hardware fingerprint.

My idea is:

1) User registers and receives serial number.
2) Serial number is also added to database via automatic script or manually.
3) When serial is entered application searches database and if serial number is found, registration is OK.
4) If serial number was found and registration is succesful it is then deleted.   This ensures only one copy of the software can be licensed using a single serial number.
5) If internet connection is not available then I can bypass web checking and use a hardware fingerprint.

All registration attempts are currently reported to me via a similar process, and the biggest dollar loss is through multiple regisitrations from the same user using the same serial number.  I try and keep the price low, to encourage purchases, so am a little frustrated when I lose sales this way.

This will hopefully prevent lost sales, without the need to increase the software price.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.