(Updated 2004-05-09)
Tools available from sites such as sysinternals.com can crack any method you
use to store a future date anywhere on a system such as in the registry or a
file.
Thus I prefer to limit the number of records in one key table such as 5 units or
50 volunteers but allow unlimited access for everything else. Once I get paid
then I email them an encrypted file containing the number of records they are
licensed for as well as their company name which goes on the bottom of every
page of every report.
My demos state "Granite Consulting Demonstration System" on key screens (or all screens depending on the app) and the footer of all reports. They are also limited to the number of entries in the key table, i.e. 50 volunteers, 5 pieces of equipment, 10 customers and so forth. Of course I only distribute the front end/application database as an MDE.
I have set up a function which returns the highest record ID allowed. I then reference that function in all combo boxes which read from that important table and limit the records read to less than or equal to that highest record ID. On a continuous form of some sort, if they click on the view button I reference that function and give them an appropriate message. Same thing on Add New Record buttons.
I also have all reports being run from one or two standard report parameter selection screens. Those reports are also limited. Just in case they decide to add more records externally to my app. <smile>
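The cap function described above, sketched as an added example that is not the author's code: Python with an in-memory SQLite table stands in for the Access back end, and the `volunteers` table and all function names are assumptions. The cap is taken as the ID of the Nth record in key order, so rows added outside the application stay hidden.

```python
import sqlite3

DEMO_LIMIT = 50  # the page's demo cap for the volunteer table


def highest_allowed_id(conn, limit=DEMO_LIMIT):
    """ID of the limit-th record in key order, or None while under the cap."""
    row = conn.execute(
        "SELECT id FROM volunteers ORDER BY id LIMIT 1 OFFSET ?", (limit - 1,)
    ).fetchone()
    return row[0] if row else None


def combo_rows(conn, limit=DEMO_LIMIT):
    """Row source for a combo box: only records at or below the cap."""
    cap = highest_allowed_id(conn, limit)
    if cap is None:  # fewer records than the cap, nothing to hide
        return conn.execute("SELECT id, name FROM volunteers ORDER BY id").fetchall()
    return conn.execute(
        "SELECT id, name FROM volunteers WHERE id <= ? ORDER BY id", (cap,)
    ).fetchall()


def can_add_record(conn, limit=DEMO_LIMIT):
    """Check behind the Add New Record button."""
    (count,) = conn.execute("SELECT COUNT(*) FROM volunteers").fetchone()
    return count < limit


def build_sample_db(rows):
    """Constructed data: an in-memory key table holding `rows` volunteers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE volunteers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO volunteers (name) VALUES (?)",
        [(f"Volunteer {n}",) for n in range(1, rows + 1)],
    )
    return conn
```

Because the cap is an ID rather than a count, deleting an early record exposes the next one in key order instead of shrinking the visible set.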
Once the customer has told me they've mailed me a payment I send out a ninety day license key file. Once the cheque has sat in my bank account for two weeks I send out, via email or diskette or carrier pigeon, an unlimited license key file.
I have a button on the main menu with which the user can then search for my license key file, be it somewhere on the hard drive as an email file, on a network drive if email is on a different system, or on the diskette drive. I then display the name embedded in that license key file and ask if they want that file copied in. (Thanks to the Developers Handbook for code which displays all the drive letters and which searches through all the directories for a specific file.)
If multiple key files are found I display them all and ask which one they want to copy. This way if I have some distributors or agents out there they can have a diskette with multiple key files on it when they are visiting multiple customers that day making the system live.
The license key file is encrypted. Somewhere in it is the customer's name, which appears on the key screens and all the reports, as well as that temporary unlimited license date field. My volunteer app I will likely charge at the rate of $1 per volunteer. Or in such a fashion. The number of volunteers will be somewhere else in that encrypted key file.
RC4 Encryption in VB is not exactly the routine I found for encrypting/decrypting but looks very close. Likely variable names and a bit of verification that non-empty fields were passed to the routine are the only difference. Especially the On Error Resume Next. It works but when I tried running with error checking on it puked with overflow messages and I never even bothered attempting to fix the code. Another solution with code may be RSA source code- (or some other) -please
There is no way I can stop someone from making a copy on another system. All I can do is make it less likely for them to do so.
Also this way I can place my databases on my websites, allowing anyone to download the real live database to work with. But they are restricted. Then once they're happy they send me money and I email them a key file.
I used a VB encryption algorithm I found somewhere on the net. Likely easily decrypted but I figured if someone went to that length not much I can do.
I have a separate MDB which I use just for the creation of the key file. I have
a form in which I type in the
- customer name, which appears on the main menu in large font, and on the
bottom of each page of each report.
- number of units licensed, i.e. 100 trucks, 1500 volunteers,
- license expiry date
- which functions they've purchased thus I've enabled.
- file name of the key. I.e. it might be JoeBlow.key if it's for
Joe Blow Trucking.
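An added example of a key file carrying the fields listed above, not the author's code or file format: the JSON layout, `APP_SECRET` and the function names are assumptions. It swaps in an HMAC-SHA256 tag for the encryption routine the page uses, so that an edited unit count or expiry date is detected and the application falls back to the demo terms.

```python
import base64
import datetime
import hashlib
import hmac
import json

# Assumption: a secret compiled into the application. Anyone who extracts it
# can forge key files, which is the limit the page itself accepts.
APP_SECRET = b"constructed-demo-secret"
DEMO = {"customer": "Granite Consulting Demonstration System",
        "units": 50, "expires": None, "features": []}


def make_key_file(customer, units, expires, features):
    """Vendor side: serialize the form fields and prepend an HMAC-SHA256 tag."""
    body = json.dumps({"customer": customer, "units": units,
                       "expires": expires, "features": features},
                      sort_keys=True).encode()
    tag = hmac.new(APP_SECRET, body, hashlib.sha256).digest()
    return base64.b64encode(tag + body)


def load_license(blob, today):
    """Application side: return the licensed terms, or the demo terms when the
    file is damaged, altered or past its expiry date."""
    try:
        raw = base64.b64decode(blob, validate=True)
        tag, body = raw[:32], raw[32:]
        expected = hmac.new(APP_SECRET, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return DEMO
        lic = json.loads(body)
        expires = lic["expires"]  # None means no expiry date
        if expires and datetime.date.fromisoformat(expires) < today:
            return DEMO
        return lic
    except (ValueError, KeyError):  # bad base64, bad JSON, missing field
        return DEMO
```

A signature made with a private key that never leaves the vendor's machine would remove the shared secret from the distributed application; the HMAC here only shows where the integrity check sits.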
One of the things I should do is create an in-the-event-of-my-death key. This would allow anyone to use the software and would not require the below mentioned second security level.
Another security level I created for one of my apps was to examine and save the serial number of the hard drive using API calls. I allowed them ten uses of the system before they had to call me with a number whereupon I gave them the other number which then unlocked the program. Ten uses gives them a few days to contact me.
What I've thought about is to create a table, with encrypted fields, tracking
the users' machine names and MAC addresses along with date last accessed. Once
the users exceed the limit of workstations, throw up a form showing all the
users who have accessed your network and ask the user to "kick" one of these
others off to avoid exceeding license usage.
Alternatively you could license the number of records in a key table. For
example I sell a volunteer tracking program based on the number of projected
volunteers.
MAC addresses are, supposedly, globally unique to network cards. Although I've
read of software which can spoof a MAC address so this may not be perfect. I
strongly suspect a given machine name must be unique on a network. So a
combination of the two ought to work reasonably well.
Stop this user from getting in until some older, no longer valid entries are
flagged to be ignored. And if there aren't any then it's time for them to
purchase additional licenses.
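The workstation table described above, as an added sketch rather than the author's code: Python with SQLite stands in for the Access table, the schema and function names are assumptions, and the field encryption the page mentions is left out.

```python
import sqlite3


def open_seat_table():
    """In-memory stand-in for the table of workstations that have used the app."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE seats (machine TEXT, mac TEXT, last_seen TEXT,
                    ignored INTEGER DEFAULT 0, PRIMARY KEY (machine, mac))""")
    return conn


def active_seats(conn):
    """Workstations that count against the license, oldest access first."""
    return conn.execute(
        "SELECT machine, mac, last_seen FROM seats "
        "WHERE ignored = 0 ORDER BY last_seen").fetchall()


def check_in(conn, machine, mac, today, seat_limit):
    """Return (allowed, seats_to_show). A known workstation refreshes its date;
    a new or kicked one is admitted only while seats are free."""
    known = conn.execute(
        "SELECT ignored FROM seats WHERE machine = ? AND mac = ?",
        (machine, mac)).fetchone()
    if known is not None and known[0] == 0:
        conn.execute(
            "UPDATE seats SET last_seen = ? WHERE machine = ? AND mac = ?",
            (today.isoformat(), machine, mac))
        return True, []
    current = active_seats(conn)
    if len(current) >= seat_limit:
        return False, current  # caller lists these and asks which one to kick
    conn.execute("INSERT OR REPLACE INTO seats VALUES (?, ?, ?, 0)",
                 (machine, mac, today.isoformat()))
    return True, []


def kick(conn, machine, mac):
    """Flag an entry to be ignored so that it no longer uses a seat."""
    conn.execute("UPDATE seats SET ignored = 1 WHERE machine = ? AND mac = ?",
                 (machine, mac))
```

A kicked workstation that comes back is treated as a new arrival, so it is admitted only if a seat is free at that point.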