1

This question may be easy and the answer obvious, but I can't seem to be able to find a solution right now. I built an application which has a big flaw in it. In a property of my User class, I check to see if the user subscription is expired. To do this, I compare the ending date of the subscription with DateTime.Now:

return (DateTime.Compare(DateTime.Now, subEndDate) > 0);

It doesn't take a genius user to realize that all it is needed is to change the Windows date to an earlier one, and then the application won't expire at all. So I think that comparing to DateTime.Now should not be done, is there a better method that I could use in order to validate a subscription date?

Thanks.

Regards,

Amc_rtty
  • 3,662
  • 11
  • 48
  • 73

4 Answers4

3

Call a webservice or check a database to determine if the subscription is still active

cordialgerm
  • 8,403
  • 5
  • 31
  • 47
  • so, won't that be the exact same thing? the webservice returns me a date, which I again compare to DateTime.Now. – Amc_rtty Aug 27 '11 at 22:10
  • 1
    No the webservice will return true or false by comparing to the server time – cordialgerm Aug 27 '11 at 22:12
  • As an alternative, does it make sense to have a method on the server that returns me the DateTime.Now of the server itself? And then I could do the comparing based on that current date. I ask this because the server stores only licensed users, not trials - and I need to calculate the expiration for trials too – Amc_rtty Aug 27 '11 at 22:19
2

Does this actually matter? If your product is purely web based the only time you have to worry about is your server time. If the server time is able to be altered without your consent you probably have larger problems to worry about.

If your product is desktop based, then how much protection do you want build in? If you just want to protect against your casual user the solution you have is probably enough. If someone is determined to pirate your software then they will probably be successful. If you want to make it harder for these users one solution would be to keep a log of all the times the application has been run. This way you can get an idea of they are playing with the clock.

Bob
  • 97,670
  • 29
  • 122
  • 130
1

Maybe you could extract the subscription expiration logic out of your client program and put it into an external service, then your client app could connect to a different server and retrieve expiration details based on a user parameter passed in?

0

There are several NTP servers out there which you can use for free... they return the exact time and your casual user won't have a hand in manipulating those... to access them you have several options - though none built-in:

Yahia
  • 69,653
  • 9
  • 115
  • 144