Preventing end users from using copies of your front end - the solution

[Edgar_]

I would greatly appreciate that! I need it to communicate with databases like drugbank and the fda to get information in drug interactions and allergies based on the drugs ndc number.

Whoa! very interesting, checked some meds using their search and now I'm worried!

Do you have an API key? I just checked and I couldn't find a way to get one without going through their sales department, I hope they contact me though. Anyways, by their docs, it looks just like other services out there (trivial, and Access can use it).

 

[Pat Hartman]

Only YOU know what websites you need to communicate with and what you want from them. Every website that offers APIs provides documentation on how to use them. Once you get one working, the others will make more sense. I couldn't even read the directions and interepret since I wouldn't know what you wanted. Have you tried looking at the documentation the sites in question provide?

 

[TheSearcher]

Place a configuration file somewhere on the C drive (It doesn't need to have any contents) of all paying customers during installation. Then check to see if it exists. If not then Quit the app.

Dim IsItThere As Boolean

'*** Security Check in Login Form.
IsItThere = DoesFileExist("c:\zxmod\zxmod.cfg")
    If IsItThere = False Then
    MsgBox "Configuration file is Missing.", vbCritical, "ClientTrack"
    DoCmd.Quit
End If

'*** Function to see if file exists

Public Function DoesFileExist(ByVal strFile As String)

    Dim lngAttributes As Long

    lngAttributes = (vbReadOnly Or vbHidden Or vbSystem)

    Do While Right$(strFile, 1) = "\"
        strFile = Left$(strFile, Len(strFile) - 1)
    Loop

    'If Dir() returns something, the file exists.
    On Error Resume Next
    DoesFileExist = (Len(Dir(strFile, lngAttributes)) > 0)
    
End Function

 

[Luis Fernandez]

My solution, I have a text in the Windows registry that I check to see if I am authorized.
I do this authorization through a key that shows the application and that contains some bios checksums and other parameters of the equipment, the system and the allowed dates of use, to which I send another key that complements it and authorizes what I want.
This key will not work on another computer.
The Windows registry can be easily manipulated with GetSetting and SetSetting
The system can also access an authorization website to see if it is active and if not, close it.
It will only allow it to function for some time without line
This way you can remotely close the application you want, by its ID or something similar

 

[Pat Hartman]

What causes the initial registry entry to be written?

 

[Edgar_]

What causes the initial registry entry to be written?

An installation?

 

[Pat Hartman]

An installation?

I guess I wasn't clear. Where does the value for the setting come from and when does it get applied? Since it seems to be based on some local value, it would seem like the "installation" would somehow need to be customized ahead of time for each computer if this is the case.

 

[Edgar_]

I guess I wasn't clear. Where does the value for the setting come from and when does it get applied? Since it seems to be based on some local value, it would seem like the "installation" would somehow need to be customized ahead of time for each computer if this is the case.

Maybe

The system can also access an authorization website to see if it is active and if not, close it.

But yeah, maybe Luis will clarify that. Still vulnerable though. One could edit the registry entries or remove the authentication part from the code.

 

[Luis Fernandez]

Maybe

But yeah, maybe Luis will clarify that. Still vulnerable though. One could edit the registry entries or remove the authentication part from the code.

Of course you can try to search for the registry modification by comparing it with a previous version but
1.- You do not know what the entry is called, if your system is called "My system" the entry may be jhfjkdfsjkfggfyg
2.- Deleting it only blocks the system
3.- the correct password only works for one device, App and dates

 

[Luis Fernandez]

What causes the initial registry entry to be written?

When opening, the system looks for your password in the registry; if it does not exist, it creates it as unauthorized.
Before or after with the authorizing program, I authorize live or remotely, also by email key, the real key with the real options that the client purchased.
The program installed on the client initially gives me the computer data through a key like Windows, then I send the authorization key

The key of the equipment installed on the client tells me which equipment it is (unique) for that I base it on whatever I want, bios configuration, descriptions of the motherboard (texts that Windows Info offers) installed cards, installed disks.
Any modification to the computer, and of course cloning the hard drive and using it on another computer will make it stop working.

In the past I had it very restricted and changing a mouse from PS2 to USB deactivated the system and we had to see if it was that case or a clone, if the client wants to change equipment, first uninstall and with that I know that I only have to install once.
It only fails if the team dies, I decide if I give away a key or not

 

[Edgar_]

With Access, keeping things secure is a gamble. You can add some locks, but it's quite simple for someone to break into an Access app. Sharing ways to break in or share unlocked apps depends on the person doing it. So, I suggest not relying on Access for security and using a different platform instead. Often, when you make a niche app that people want, you can sell it to that niche group. But sometimes, there's someone who doesn't want to pay and tries to use it for free. They might hire someone to hack it or try to do it themselves and either give it away for free or at a reduced cost.

Anyway, good luck. Hope that never happens.

 

[Luis Fernandez]

I have not been cracked since '87, of course I have only had about 300 clients, it is not industrial or massive, I did not have the necessary capital to do it well, and sell it as a standard package, dealing with clients and their adaptations was very personal, but After several sales, the adaptations worked for everyone and I had a fairly commercial product.

 

[Edgar_]

I have not been cracked since '87, of course I have only had about 300 clients, it is not industrial or massive, I did not have the necessary capital to do it well, and sell it as a standard package, dealing with clients and their adaptations was very personal, but After several sales, the adaptations worked for everyone and I had a fairly commercial product.

That is your experience from your particular point of view. However, it's unlikely that someone who found a way to avoid paying for your product will confess to bypassing your protection. I, on the other hand, once had a call from a customer complaining about my software and I found out he was using an illegal copy of it. Someone was distributing it without my permission. One part of me was flattered, the other one was furious, with myself, for thinking an accde file would be secure. That software, which calculates 3D spots and plots them into a niche 3D application for construction boundary surveyors is now used by who knows how many people now, but I'm turning it into a .NET application to avoid this. I hope others don't go through that.

The point is, don't trust in Access' securitus.

 

[Luis Fernandez]

Something similar happened to me but it was my partner cheating, and then we separated

 

[Pat Hartman]

I get that personal applications, especially games, are subject to pirating but business applications, especially vertical market applications, not so much. Why would a company give your software to a competitor? They would be more inclined to violate their seat license count. Apparently, in @Edgar_'s case they were selling it. Assuming you can link a specific copy of the software to a specific client, that should be a slam-dunk (basketball reference) of a lawsuit. I limit some of that problem by including an expiration date in my license key.

 

[Luis Fernandez]

I get that personal applications, especially games, are subject to pirating but business applications, especially vertical market applications, not so much. Why would a company give your software to a competitor? They would be more inclined to violate their seat license count. Apparently, in @Edgar_'s case they were selling it. Assuming you can link a specific copy of the software to a specific client, that should be a slam-dunk (basketball reference) of a lawsuit. I limit some of that problem by including an expiration date in my license key.

I understand what you are telling me and it is true, you are very right, the problem is that there are other people who make systems and that the demos and some software already working give them ideas to make their own, this web control also allows you to cut the system If it is for rent or multiple payments (lising), if the client does not pay more.

But the idea is to answer this friend with software protection alternatives

 

[gemma-the-husky]

Just a thought.

Is there ever a situation where the software can think a given user is logged in when he isn't, perhaps due to a system crash, or similar.
Is there a way of clearing a login record so the registered user can log in again?
Can that be abused in any way to allow unregistered access?

 

[Luis Fernandez]

It depends on how this is done, but I don't think