1

I am developing some external modules for an application.

These modules are BPL files and if present in the application folder the application loads them and uses whatever is available inside.

How can I prevent the sharing of these modules by my clients?

I need them to be authorized to use the modules (module by module).

To have some sort of license, registration of the module, what is the best method?

Thanks

Jlouro
  • 4,515
  • 9
  • 60
  • 91
  • 1
    BPL is just executable code, you'd license them the same way you'd license any other code, including your "main" exe. – Cosmin Prund Feb 28 '11 at 13:08

1 Answers1

2

Simple idea (1):

I assume your clients all have some sort of unique ID (serial number, license number). When you legitimately give an BPL to one of your clients, give him two files: The BPL itself + a file that contains a hash of the BPL's name + the user's license number. If the hash can't be verified, don't load the BPL. Make sure you don't hash the BPL itself, you'd end up with upset customers that can't use your BPL because they caught a virus!

Simple idea (2):

Have your BPL export a function that looks like this function OkForClient(ClientID:string):Boolean. This allows you to change the validation from BPL to BPL.

Complex idea:

Spend a week learning about asymmetric encryption to replace the hash file in the first option with something that can't be reproduced by an attacker, even if they do know the algorithm.

Community
  • 1
  • 1
Cosmin Prund
  • 25,498
  • 2
  • 60
  • 104
  • 1
    Sensible idea: use a 3rd party solution and avoid re-inventing the wheel – David Heffernan Feb 28 '11 at 14:22
  • @David, that should read: "If you need to ask about security, use a 3rd party solution". I'd never trust my own code's security to any 3rd party, but then again (I think) I know what I'm doing. This is one wheel that's worth reinventing: you're in control and no generic hacks against your 3rd party provider's scheme are going to get you. – Cosmin Prund Feb 28 '11 at 14:45