Key online

Javier_Cortes · December 1, 2021, 5:33am

Hello, i would love to have help or example of this because it scape of my radar:

i’m doing a MacOs desktop app.
when my app starts, it gets the mac serial number
i would love the app to read in my website https://www.example.com/licenses/file.json for a json file, look for a value name as the serial number, and if it’s there then run. if not quit.

so far i did 1) 2) and 3). BUT,
the json file in my website https://www.example.com/licenses/file.json is visible to the world, if someone type that url it shows the content in the browser. If i change the properties of that folder then my app can’t access either.

a) how can i make that file ONLY available to my app?
b) is any other approach to this? i feel i’m doing it in a very beginner way…
i’m trying to do some kind of license per computer where i can activate/deactivate computers in case the user change computers.

please help.
Thanks in advance.
Javier

Beatrix_Willius · December 1, 2021, 5:58am

That’s the nature of the Internet if you use such a simple file based solution. When someone accesses the file all your “security” is moot.

You could do a php or a Xojo web solution which uses a url and not a file.

Jeff_Tullin · December 1, 2021, 6:21am

They would have to know the file exists.
You can set your site to request that robots do not index it, and as long as it is not referenced by one of your web pages, Google (for example) wont find it.

The file doesnt have to have serials ‘in clear’ - you could encrypt them in such a way that even getting a copy of the file wouldnt tell someone what to enter into your app.

If the server is a Linux box, making a file named with a leading . makes it normally invisible.

So obfuscate the URL in your app
Encrypt the contents of the file
Hide the file on the site

Javier_Cortes · December 1, 2021, 6:33am

Hi Beatrix,
so let me see if i understand correctly your idea:
you mean like a php that receive a variable in the url and returns say true or false?
so i should sent something like: https://www.example.com/licenses/file.php?user=ytrefgt3wdr
is correct?

Javier_Cortes · December 1, 2021, 6:35am

Jeff, loved your idea of hidden files using “.”
not sure where/how to ask robots/spiders not to index specific folders or files, need to research that.
Thank you sir!

Per_Ronny_Westereng · December 1, 2021, 6:39am

Or you can use a real license system like LimeLM LimeLM: Licensing, online activation, floating license protection for software

It has support for Xojo, and is inexpensive in my opinion

Beatrix_Willius · December 1, 2021, 7:31am

Yes, even if you tell the robots not to index a file it still can be found when examining the connection.

Greg_O_Lone · December 1, 2021, 11:25am

…and bots don’t always obey the robots.txt file. It’s just a request after all.

Jeremie_L · December 1, 2021, 11:30am

Just imagine all of a sudden you get 1 million software activations.
This means that one million devices will be loading a 1000000*macserial.length file each time the app is opened. This isn’t very efficient in terms of bandwidth.

Better go with a php file or a proven licensing system.

And have you thought about users who will want to use your app with no network? Will the app immediately quit?

Tim_Parnell · December 4, 2021, 4:15pm

I used LimeLM in the past while BKS was a thing. Since starting my own business, I wrote a functionally similar system with end to end Xojo code. No plugins or dylibs to be cracked, a Xojo Web 1.0 app to act as the licensing server, and pre-configured project downloads to just drop right into your app

If anyone is interested there’s some details available on my website and I’m always happy to answer questions or set up a demo privately by email.

Strawberry Software - TPLM: Xojo DRM