Hi, Frédérick
I heard back from the developer today. He said to use the sample at
http://windowsforms.net/downloads/gdn/ComponentWithVersionCustomContext.zip
and modify it to fit your needs. I suspect that this is the same sample
that you have already looked at. If so, you would need to encrypt the
license yourself or do other things to prevent it from being modified. If
you are worried about it being changed, you could save the checksum and
verify it when you extract the license.
The difficult part here is determining how much security is enough. I
would look at how other people are handling this issue. That will help you
scope how far you need to go to match them.
Thank you for choosing the MSDN Managed Newsgroups,
John Eikanger
Microsoft Developer Support
This posting is provided “AS IS” with no warranties, and confers no rights.
--------------------
| From: "Frédérick Jacquet" <
[email protected]>
|
| Subject: Re: LicenseProvider
| Date: Wed, 4 Feb 2004 14:30:44 +0100
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| hi john,
|
| thank you for your reply but it didn't quite answer my question that was
| about the license key extracted by the licence compiler and saved in the
| .licences ressource, is that key securely stored ? if a person extract the
| ressource, is this person able to get the key and alter it ?
|
| thank you.
|
| ""John Eikanger [MSFT]"" <
[email protected]> a écrit dans le
| message de | > Hi, Frédérick
| >
| > Your best bet would be to use an obfuscator. Since the dotfuscator from
| > VS.Net ignores constants and variables, you will need to look for a
third
| > party solution.
| >
| > A couple of other alternatives that you might wish to investigate
| >
| > 1) You would have is to generate the MSIL code using ildasm.exe and then
| to
| > write your own obfuscator that modifies this code and then use ilasm.exe
| to
| > recompile the MSIL code back into a binary. This necessitates that you
| > know MISL code (the language definition is available on the MSDN
website).
| >
| > 2) You create a C++ or VB6 dll and store the key in this binary which
you
| > then invoke from your .NET assembly at runtime and use it as necessary.
| > The only problem with this is that you are still vulnerable to persons
| > using hooks to determine what api's you're calling. In addition to this
| > you make it possible for someone to brute force attack the library to
get
| > the key value.
| >
| > This is all that I can offer you. Please let me know if you have any
| > additional questions.
| >
| > Thank you for choosing the MSDN Managed Newsgroups,
| >
| > John Eikanger
| > Microsoft Developer Support
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| > --------------------
| > | From: "Frédérick Jacquet" <
[email protected]>
| > | References: <#
[email protected]>
| > <
[email protected]>
| > | Subject: Re: LicenseProvider
| > | Date: Fri, 30 Jan 2004 09:01:56 +0100
| > | Lines: 32
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| > | Message-ID: <
[email protected]>
| > | Newsgroups: microsoft.public.dotnet.framework
| > | NNTP-Posting-Host: afontenayssb-102-2-1-74.w193-252.abo.wanadoo.fr
| > 193.252.107.74
| > | Path:
| >
|
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
| > phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework:64012
| > | X-Tomcat-NG: microsoft.public.dotnet.framework
| > |
| > | I read the custom LicenseProvider sample. But when the license
compiler
| > | extract the license key and store it in a resource, is the license key
| > | stored in a secure way ? (encrypted ?)
| > |
| > | "Tian Min Huang" <
[email protected]> a écrit dans le
message
| > de
| > | | > | > Hello,
| > | >
| > | > Thanks for your post. As I understand, you want to know where the
| > license
| > | > key is stored. Please correct me if there is any misunderstand.
Based
| on
| > | my
| > | > experience, the license key should be read from a .LIC file. The
| License
| > | > Key can then be verified either by calling the IsKeyValid method or
in
| > the
| > | > GetLicense method itself. Please refer to the following article for
| > | > detailed information and a sample custom LicenseProvider:
| > | >
| > | > NET Licensing
| > | >
http://windowsforms.net/articles/Licensing.aspx
| > | >
| > | > Hope this helps.
| > | >
| > | > Regards,
| > | >
| > | > HuangTM
| > | > Microsoft Online Partner Support
| > | > MCSE/MCSD
| > | >
| > | > Get Secure! --
www.microsoft.com/security
| > | > This posting is provided "as is" with no warranties and confers no
| > rights.
| > | >
| > |
| > |
| > |
| >
|
|
|
