4 Replies - 608 Views - Last Post: 19 July 2010 - 05:05 PM Rate Topic: -----

#1 Guest_Markus*


Reputation:

Best way to secure my program/authenticate users?

Posted 18 July 2010 - 11:41 AM

This question is a bit of a two parter. I'm developing this program for a small company, and while I don't need any help with the program itself, I don't know what the best way is to secure my program and make sure that only those who are authorized to use the program can do so. As far as securing the program itself, I'm going to be using a solution from this company http://www.excelsior-usa.com/ called Excelsior JET. From their site: "Excelsior JET is a toolkit and complete runtime environment for acceleration, protection, and deployment of Java SE applications." Basically what it does is take your class files and compile them into a native .exe for Windows and includes an installer, so when you distribute your application you don't actually distribute your original class files at all or the JRE for your program to run and the installer puts what the user needs on their system to run your program, such as the JRE to ensure the customer has that installed.

Any thoughts on that? I've never used this program before but it seems PERFECT for protecting my class files and distributing the program in an easy to use and execute method.

Here's my real question though:

What is the best way to ensure that only users who buy a license can use the program? This is kind of what I was thinking:

1) Users who buy a license can be sent a product key that the program will require to run.
2) Once the product key is entered, the program sends this key to our server.
3) Once the server verifies that the key is valid, it sends a response back to the client that the client needs before it can run. Some simple command to set a boolean to true, then the program runs.

Our clients that will be using this program are guaranteed to have an Internet connection, so I'm not worried about that. Thoughts?

Is This A Good Question/Topic? 0

Replies To: Best way to secure my program/authenticate users?

#2 bcranger  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 252
  • View blog
  • Posts: 1,199
  • Joined: 01-February 10

Re: Best way to secure my program/authenticate users?

Posted 18 July 2010 - 01:32 PM

Seems alright, maybe encrypt your product key being sent to the server. Also, let each product key be different (randomly generated) each time and let each key be used up to once, to prevent sharing/leakage.
Was This Post Helpful? 0
  • +
  • -

#3 pbl  Icon User is offline

  • There is nothing you can't do with a JTable
  • member icon

Reputation: 8334
  • View blog
  • Posts: 31,858
  • Joined: 06-March 08

Re: Best way to secure my program/authenticate users?

Posted 18 July 2010 - 06:22 PM

Not easy to do in Java
Java is the easiest to hack language you should use Username/password connection when connecting to the DB server
Was This Post Helpful? 0
  • +
  • -

#4 dleskov  Icon User is offline

  • New D.I.C Head

Reputation: 4
  • View blog
  • Posts: 3
  • Joined: 18-November 08

Re: Best way to secure my program/authenticate users?

Posted 19 July 2010 - 12:27 AM

View PostMarkus, on 18 July 2010 - 10:41 AM, said:

Our clients that will be using this program are guaranteed to have an Internet connection, so I'm not worried about that. Thoughts?

Don't do online license checks unless your program itself needs a working Internet connection all the time. Even then, think twice before you do that: your license server may go down, your hosting provider may fall victim to a DoS attack, some of your users may be behind firewalls blocking access to your server and so on.

Personally, I won't use a program that relies on the availability of a service that does not add value. Even a hardware dongle is better. By the way, there is a dongle with a twist specifically for Java.

P.S. I did not comment on Excelsior JET cause I work for Excelsior, but you may wish to read my article "Protect Your Java Code - Through Obfuscators And Beyond".
Was This Post Helpful? 3
  • +
  • -

#5 pbl  Icon User is offline

  • There is nothing you can't do with a JTable
  • member icon

Reputation: 8334
  • View blog
  • Posts: 31,858
  • Joined: 06-March 08

Re: Best way to secure my program/authenticate users?

Posted 19 July 2010 - 05:05 PM

View Postdleskov, on 19 July 2010 - 01:27 AM, said:

View PostMarkus, on 18 July 2010 - 10:41 AM, said:

Our clients that will be using this program are guaranteed to have an Internet connection, so I'm not worried about that. Thoughts?

Don't do online license checks unless your program itself needs a working Internet connection all the time. Even then, think twice before you do that: your license server may go down, your hosting provider may fall victim to a DoS attack, some of your users may be behind firewalls blocking access to your server and so on.

Personally, I won't use a program that relies on the availability of a service that does not add value. Even a hardware dongle is better. By the way, there is a dongle with a twist specifically for Java.

P.S. I did not comment on Excelsior JET cause I work for Excelsior, but you may wish to read my article "Protect Your Java Code - Through Obfuscators And Beyond".

3 +1 for 3 posts
Congratulations :^:
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1