Annual subscription requirement process

[Phredd]

I have designed a database and would like to restrict access based on a subscription.

If they have entered a validation code, then the database opens. If not it drops to an error message. Code then keeps working until the specified time (12 months) then will require a new validation code. There also needs to be a way for me to generate this code.

Can anyone head me in the correct direction for this.

thx

Phredd

 

[CJ_London]

depends how secure you want it to be - users could change system date for example to 'stay within' the validation period. And are you concerned about users sending a copy of the app to someone else to work off the same subscription? - or just sending them the validation code?

Usual way to create a validation code would be to hash some values together (such as a date, perhaps the computer name) (plenty of examples out there) but your app would need to decode this to extract the values to determine if still within the validation period- so a) the hashed value needs to be stored somewhere and b) your decoding code needs to be secure so users cannot see how that is done.

Where to store the hashed value? perhaps in a table, perhaps a property of the db, perhaps in the registry or a text file somewhere. Or perhaps you have a web page somewhere the app connects to on first open to check validation

If you need to generate the code, then values such as computer name won't be available to you so perhaps create a random number.

And how do you propose to renew the subscription? user sends you an email? you send them one reminding them the subscription is about to expire?

 

[Phredd]

I really only need something basic. High security is not a concern. What ever is easiest for a new player to setup.

Ideally the same code can be used on every installation for the 12 month period. Once expired there would need to be a single new code applied to each installation. For this reason the computer name would not work.

Interesting you say there are plenty of examples out there. I am obviously searching for the wrong thing. I have not been able to find any. I would imagine something relating to the date, however that would change with each installation. Maybe something that looks somewhere external (Website) and matches a value. (Not sure how that would work). If the value matches it opens and continues. If not it requests the new code.

If I could find any examples I would love to play.

 

[theDBguy]

There are also services available to manage a subscription plan for Access or other software applications, or consider third-party products like this one.

KeyedAccess for Microsof Access from Peter's Software

KeyedAccess module add-on for Microsoft Access - Provides copy protection for Microsoft Access database applications.

www.peterssoftware.com

 

[CJ_London]

Interesting you say there are plenty of examples out there

I was referring to hashing

access vba hashing at DuckDuckGo

DuckDuckGo. Privacy, Simplified.

duckduckgo.com

the problem with full examples to do what you want to do means the developer is exposing how they has done something which could put their own apps at risk - so I doubt you will find any of those.

 

[gemma-the-husky]

I got a lot of information on this site and others, but I developed my solution at least 12 years ago.
Maybe search AWF for "license","licence","licencing" or "licensing"

Anyway, here's a thread I started some years ago. As others have said, all you are likely to get is general ideas, rather than a solution, and you need pretty good understanding and coding skills. I am not sure whether paid-for solutions still require code skills or not.

Securing A Database - License Key | Access World Forums (access-programmers.co.uk)

 

[KitaYama]

To my understanding, If a human can make something, another one can break it.
Look at software giants like Microsoft, Adobe, Dassault Systèmes and others.
All of their software are breached and can be used illegally. If you can't find something, it means it's not worth the effort. Not that it has a good license system.

That's why they are moving to cloud. The software is on cloud and you have to login to your account and be verified to be able to use the software.

You may be able to secure it more or less, but there's always a back door.

 

[CJ_London]

I really only need something basic. High security is not a concern. What ever is easiest for a new player to setup.

In that case I suggest just encrypt the expiry date with a process that enables you convert back and store as a db property. Could be as simple as swapping year, month and day values around e.g.

encryptvalue=left(format(date+1,"yy"),1) & right(format(date,"dd"),1) & left(format(date-1,"mm"),1) & left(format(date+1,"dd"),1) & right(format(date-1,"yy"),1) & right(format(date,"mm"),1)

On app open, code decrypts the property and compares with the current date then takes appropriate action - open app or request a new license key. If no license key, app closes or perhaps you allow an extra few days grace.

Won't prevent your customer from potentially working it out then changing the property or system date. Or sending a copy to someone else.

But easy enough for you to send a new license key when required

Clearly the app will need to be a .accde so you will need to cater for users on different versions of access. i.e. 2007 may not open a 2010 or later db and you have the 32/64bit versions to cater for as well.

 

[arnelgp]

here is the demo.
the Code are saved in MsysCode table.
these codes are encrypted (simple encription)
the initial code is: 4V1B-I54O

you make a copy for your customer and you. so you know
which code will be on Next year.
use Decrypt(Code) to see the "real" code on MsysCode table.[/Code]

 

[Pat Hartman]

Yes, the user could change the system date but then the last update dates and the report dates and probably much of the date criteria won't work correctly. This is not something you should worry about.

Businesses tend to not steal software because they have too much to loose if they get caught. You could also go to the trouble of creating a website where the app can phone home for validation and refuse to work if confirmation isn't received. You may have to get the user's permission on installation to authorize this.

 

[gemma-the-husky]

^^^
and if a user changes the system date, I imagine it can cause issues with other stuff.

 

[isladogs]

It is possible to check whether the system date has been changed.
This is done by comparing with internet time

Run the attached db first with the correct date/time
Repeat after modifying the date/time - the app will be closed automatically

If used in a real app to improve security, change the messages or omit them completely.
Obviously, this approach will fail if you aren't connected to the internet

 

[olxx]

I know, that this is ages old thread, but anyway, maybe it will be useful for someone. If you need to store licensing info like valid_until_date etc, you don't have to hide it or encrypt it. You can store it in registry or even table. Just pair every value you want to store, with the test value to check if this value is valid. Best way to do so, is to hash together hardcoded serial number stored in code, HDD serial number and the value you want to store. Users can see the value and even the hash, but can't do anything. It also prevents users form transferring app or licenses to other computers. Downside is, that even for demo, user needs to acquire license from you. At first run or when license is expired, app won't launch and asks to activate and displays hashed HDD serial (let's call it PCID). User sends this PCID to you and asks for demo or pays for certain period. Based on that PCID you calculate the needed test values and send them to user to activate. Easiest way is to store licensing info in registry and send user .reg file. Of course, this method is only applicable in small scale. Should be reasonably safe as long access to vba code is prevented.

 

[Jason Lee Hayes]

For what it's worth i would suggest data held within the dbase or external takes preference over application security; there is nothing that cannot be reverse engineered over time and suggestions offered though useful will buy you a little more time before exposure but not for the experienced RE professional. Emphasis on encrypting data is where to start and the goal is to make the time necessary to unencrypt data so long that the data once readable is obsolete and of little use. arnelgp has the right approach....