- This topic has 8 replies, 4 voices, and was last updated 9 years, 2 months ago by
.
-
Posts
-
Yesterday’s email about:”The server on which the license server runs, is a vps in a datacenter. The datacenter discovered a high security risk and needs to fix it now” reminded me to mention that the online License check prevents me to run APP on a Windows system. My Windows computers do not have an internet connection and the Astro software running on them have one time License verification. (Sequence Generator Pro, Pixinsight, DeepSkyStacker and Backyard EOS (Guylain Rochon changed the Licensing system after Backyard EOS stopped working on laptops in the field without Internet connection)
Hi Kees, yes, I realize, Scott posed this issue as well regarding needing an internet connection while you could be working in the “field”.
I am thinking about how I can solve this for you, while maintaining good application security. This is a hard thing to do and I don’t envision a good solution yet.
Scott proposed to do a once a week verification, if it fails for an entire week, than the program would stop. But that would still be a problem in your situation i would think, since you have disconnected your computers from the internet on purpose, right?
For instance, the security of Pixinsight is really weak, if you install PI on another computer and copy the license file of a working license, PI will simply always work and it will not check with any server/database. It will think it was properly activated. (So buy once, and copy a zillion times seems to work… Please, if anybody asks, you haven’t got this information from me… ? )
I’ll most definitely try to find a solution for this, I would hate it as well if my program doesn’t run, just when I want to use it when I gathered some nice data on some remote lokation with no internet.. ;-(
Need to do some studying on application security I think…
I have put this issue at the top of the RFC list.
Correct, the Windows systems are disconnected from the internet so i don’t have to run antivirus software and i don’t run any (Windows) updates to keep everything as stable as possible (If it aint broke don’t fix it) I run Pixinsight and APP on a Linux system that has a constant Internet connection so it is not a big issue for me in practice but wanted to bring the subject to your attention.
Okay and yes, the subject is something to take into serious consideration, thank you Kees.
I will study on it to try to find a solution with which I am comfortable.
First of all, I get why you want to have the best possible security for APP. But having said that, I do wonder if the online check isn’t going to cause more problems than its beneficial for you. Why?
– What is the chance of it being cracked by hackers? We’re talking about a niche market in which we’re, as photographers, a sub-group. Not much fun in putting effort into that for them I guess.
– You can make a much more secure situation then PixInsight. Is PixInsight being shared a lot among users? If that would be the case I guess we would see more action from their part.
– Many follow the same path Kees follows I think. I’m also in favor of it actually as updating my system bit me in the *** the previous session even. I could easily go back to a previous state, but it cost me time. So, I think a lot won’t have Internet on their imaging PC. Having then the need for an online check might put those people off.
– Me having the activation issues can be solved, but what about another weird system out there that suddenly, for whatever reason, fails to send out a correct identification..
Just some thoughts…
Hi Mabula – way back when (early 90s), I wrote a database application when we were running a real estate multiple listing system and charging monthly “subscriber” fees to each of the real estate agents. I was concerned about them sharing the application and not paying my monthly fees. The solution I had at the time was to tie the licensing to a single computer. Basically, when they started the app, I had it run a separate program that grabbed (if I recall) some serial number from the CPU. The first time the program ran, it wrote a config file that had this info. Subsequent times verified the system CPU serial number and compared it to the config. In this way, the application could only be run on one computer.
What you might want to think about is having your regular APP version and then having a separate “requires no internet connection” version. The difference would be that the requires no internet version could only be run on one computer. It would require additional work on your part, but when someone wanted this version of the app, you would first send them some little program that would parse some hardware specific info (maybe a mac address) and generate a file to send to you. The user would send back that file to you, and then you could send them a version of APP that checked for that hardware specific identifier. In this way, the user couldn’t share the program, but also wouldn’t require an internet connection for authenticity check.
It’s a bit more of a pain, and the vast majority of people would not require this version (they could easily accommodate the internet connected version). For the relatively small percentage that want to run it on a never connected computer, you would give them this version (you could even allow them torun it on the 2 or 3 computers by having them send you the hardware specific file for 2 or 3 computers). They’d need to understand that any computer change would necessitate them contacting you for an updated version. And, you’d need to figure some way for distributing updates that left their config file intact. But, it might be an adequate compromise solution.
Yes, I really do agree on all points you make, and Kees and Scott made ;-)
The issue for me is not how APP’s security is compared to another’s security, I just need it to be secure.
I have seriously been thinking and reading about this issue, because I would like it to work myself without an internet connection. (I think, I might have found a solution already…)
If and when I find a way to keep it really copy protected while not having to have a working internet connection, I’ll certainly implement it as soon as possible. It will be good for me, and it will be much better for you, the users of APP ;-)
So, rest assured, I’ll try really hard to get this solved properly and quick.
Mabula
Thank you Scott, for your elaborate explanation about how I could possbly solve this.
The idea that I currenly have is similar like you propose and I could possible implement it in a way that’s secure and hassle free for me and for the user. (by using public/private key security, SSL/TLS)
I’ll start work on it this week ;-)
- You must be logged in to reply to this topic.