I have a small doubt, I trying to make my application secure as much as possible so is it possible we can make a setup file that will run only once and after that it should not run on any pc. It sounds STUPID but is it possible. I don't have any code to show, I just want to know can we make it in JAVA
Asked
Active
Viewed 147 times
5 Answers
2
The setup wizard doesn't actually control when, or if, it runs. Nor does it control how many times one wants it to run. So the direct answer to your question is "no"; however, it is quite possible (and even desirable) to have the setup wizard check for "artifacts" of being ran a previous time.
If you have a setup wizard detect a file or setting which the wizard would be the only likely creator and then shutdown if it is detected, then effectively you can guard against the critical section of the wizard being run twice.
Edwin Buck
- 69,361
- 7
- 100
- 138
1
You could have the application connect to a website to check if it has been installed however it would require internet connection at the time of installation.
Then during the installation you would send notice of its installation.
I use a system like this. At time of download it generates a serial number and inserts it into a file that is later read by the installation system and used to "register" the product during installation.
Douglas Cottrell
- 334
- 1
- 4
- 14
-
Ya i know but if user tries to install the same setup file on other PC then it directly get activated i didn't used any serial key I am using the customer's PC as a key (like taking the hardware id as a key) – Vighanesh Gursale Jul 16 '13 at 18:53
1
No. You can put some reasonable steps in place to make it more difficult, but anyone truely interested in breaking your security mechanism will likely be able to.
Anything you create can be copied and executed any number of times, even if the running copy deletes itself afterwards.
This leads to the requirement of external authentication against some server each time the setup program is run. This however is also not guaranteed to work, just look at how easy/quick video game DRM is to crack as an example.
Colin D
- 5,641
- 1
- 23
- 35
1
You could read from a file that contains either true or false. Wrap the start-up of the wizard in an if statement to only execute if this variable is false, then at the end of the wizard change the file to say true. If you want to make it more secure you could encrypt the file and then decrypt to see what it says.
Marco Corona
- 812
- 6
- 12
-
Marco I thought about it before but didn't tried. I thing this could work Thanks I'll try – Vighanesh Gursale Jul 16 '13 at 19:02
-
This is a great technique, assuming nobody really cares very much about defeating it. Also assuming you don't mind having gratuitous little files kicking around. Better maybe to modify some file in your object code - at least make the user work a little bit. – Jon Kiparsky Jul 16 '13 at 19:18
1
"Is it possible" is always a tricky question, for many reasons.
I think it is unlikely that you will be able to create this to work the way you want, simply because you're talking about a security question, and if anyone is seriously interested in violating your security measures, then there will be someone better at breaking than you are at locking.
Whether your software will inspire that sort of interest, I have no way of knowing. The important question in security is "can I make this secure enough for my purposes?", and we don't know enough about your requirements, expected threat models, and so forth.
All in all, the best answer I can give you is: if you want security done right, don't do it yourself. Go to a professional and have them secure it. You want to know enough about security to evaluate the professional, so you have some hope of getting what you pay for, but you don't want to try to write that code. You might be good at writing spreadsheets or mail clients or whatever you're writing, but you're clearly not good at writing security, and it's not something you learn in a day.
Jon Kiparsky
- 7,499
- 2
- 23
- 38