Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Creating an online activation system

Posted on 2006-07-03
10
Medium Priority
?
228 Views
Last Modified: 2012-05-05
Hi, I want to implement an online activation system for my application. I want to write it myself so I have full control over changing it, if it gets hacked etc.

My application is a Windows app. The user will click a button, and an encrypted string will be sent to my web app, which will decrypt it and then lookup the data in a database and then send an encrypted string back to the sender. The windows end is no problem, it's the web app where I need advice. I am not sure what technologies to use to achieve this. I want it to be as secure as possible to limit hacking. I was thinking of writing a web service (soap server) as the web app. Would this be the best way to go?

Also, the database? This will have about 30 thousand records initially and it needs to be secure. Would MySQL be a good option?

I am most familiar with Delphi 7, but I can easily adapt to any other language.

Thanks. Best regards,
Gary
0
Comment
Question by:GaryHandley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 12

Accepted Solution

by:
Ivanov_G earned 336 total points
ID: 17033525
Web Service is good enough. Maybe you can think of XML parameters (encrypted of course)

<REQ>
  <LICENCE>asjdfh120949asjlhfjakl</LICENCE>
  <DATE>....</DATE>
</REQ>

and the response in similar way.

MySQL does not offer a consistensy with all the needed feature in development phrase. You can have a look at PostgreSQL - it is more like a real database - triggers, transactions, etc ... and syntax similar to PL/SQL. One disadvantage is if you have Full-Text-Search which is faster in MySQL
0
 
LVL 3

Assisted Solution

by:Ubethatway
Ubethatway earned 332 total points
ID: 17034697
The simplest option, IMO, would simple be to use a TCP connection to pass the encryped string. As long as you have your DB server behind a firewall, and its access is restricted to your server app, then security shouldnt be an issue. Also, i would have thought that if you passed the right information to the server app in your encrypted string, you wouldnt need a full-text-search (if you set up you primary keys properly etc).

Hope that helps, Mark
0
 
LVL 17

Assisted Solution

by:TheRealLoki
TheRealLoki earned 332 total points
ID: 17047930
any HTTP server that supports SSL is fine.
even Indy has a demo that does this (there is also just a simple Indy TCP SSL demo)
http://www.indyproject.org/Sockets/Demos/index.en.aspx
At the server end, you can use whatever you want. mysql will be fine for this.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:BlakeyUK
ID: 17269588
Hi,

I had a similar question a short time ago and a person called Workshop Alex gave me an excellent and detailed explanation of options available.

It may help you.

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_21936302.html#17224561

Best Regards
Blake

0
 

Expert Comment

by:GaryBytes
ID: 18265414
Hi, the question has not been answered, but please split the points between Ivanov_G , Ubetthatway and BlakeUK.

There are no options for me to accept answers, perhaps because the question is old.

Gary
0
 
LVL 14

Expert Comment

by:cwwkie
ID: 18269480
0
 

Expert Comment

by:GaryBytes
ID: 18274661
If you want to ask a question about my account please e-mail me directly.
Gary
0
 

Expert Comment

by:GaryBytes
ID: 18290918
If anyone is reading the solution to this, please ignore the accepted answer. "cwwkie" ignored my request on points spread, so it is misleading. In fact this thread should be deleted as it will likely put people on the wrong track if they have a similar issue.

Gary
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question