Solved

protecting a java app

Posted on 2004-08-25
Last Modified: 2010-03-31
I want to distribute a Java application in demo mode and upon registration to enable the full mode. What are my options?
What I figured out so far is that I must get the user to submit some data (such as a name, ID, etc.) and I'll offer a key generated from his data. He types the key in the app and if it matches his data the app gets into full mode. So far so good. BUT, what should the user's data be? What if one user registers and then tells everyone his data and key? Are there any other options? How are big-time commercial Java apps distributed?

thanks
Question by:hapciu
13 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 25 total points
ID: 11892073
Have your application communicate with your server when the user enters his key. Then, if the key is valid, register the product and "cancel" this key (you could set a field in the database to true, like "keyUsed = true"). Then, when the next user tries to re-enter the same key, check it against the database. If it is canceled (field "keyUsed" is true), then inform the user that this is an invalid key.
0
 

Author Comment

by:hapciu
ID: 11892162
That's doable, but I think it's a bit of overkill for my small-time app.
Is there a way to avoid communicating with my server? Can I get some absolutely unique data from the user's machine (i.e. not letting him enter his data but show it to him)?
0
 
LVL 16

Assisted Solution

by:krakatoa
krakatoa earned 25 total points
ID: 11892237
You could try to use the serial number of the hard disk.
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 25 total points
ID: 11892246
>>how are big-time commercial java apps distributed ?

They tend to generate time-limited keys. I know ATG and Together do.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11892258
It is only needed to be done once, when the user first enters his/her key. After that there is no need to communicate with the server since the product will be unlocked.

> can I get some absolutely unique data from the user's machine (i.e. not letting him enter his data but show it to him) ?

You could get his I.P. (if it is static and if he is not behind a firewall) or his MAC address, but you can't get the MAC address with pure Java unless you use JNI.
0
 
LVL 35

Assisted Solution

by:TimYates
TimYates earned 25 total points
ID: 11892355
    java.rmi.dgc.VMID guid = new java.rmi.dgc.VMID();
    System.out.println(guid.toString());

returns:

    da4d755f7762b8ea:1dd7056:fe9638a9ff:-8000

on my machine, which is a SHA encoded IP address, hashcode, system time and a counter, so if you only look at the first two blocks of it, maybe that will be unique?

0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892365
Actually, you could encode the key with the system time, and then you could make it only work for a specific period of time?

Maybe...
0
 

Author Comment

by:hapciu
ID: 11892373
CEHJ: what is a time limited key ? do they still communicate with the company's server ?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 11892511
>>CEHJ: what is a time limited key ?

A licence key that expires after a period. In some cases, network connections are not made.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892845
And at the end of the day, with perseverance, a copy of JAD, a copy of BCEL, and the JDK, people will probably be able to strip the protection out...  :-(

So I wouldn't stress about it for too long...
0
 

Expert Comment

by:hunor_nam
ID: 11951013
What kind of app is it? Can't you include in the hash some user specific data?
What I mean is that for an accounting application (for example), you could include the registration number of the company (which usually appears on reports and other stuff - so another company will NOT work with the same one)
If not... you could include the computer name and the "registered to" name (Windows)... but all of this is changeable...
The only remaining option is (as stated above) the HDD serial number and/or the MAC address... but what happens when he changes hardware? You reissue...
But then as well maybe he does not, and just applies for reissue, with his "friends" data :) So you are mostly stuck. The best would be to have server communication... but I don't know if that pays off...
0
