Eddie Shipman wrote:
> Joe H wrote:
> > I found surely the simplest way of doing it. Web accesses are
> > automatically entered in our website logs along with any parameters
> > that were sent with them. Using that, all I need to do is, if a user
> > is on the unauthorised list, I pull up a web page with an error
> > warning that tells the user to call tech support, and that access
> > includes an encrypted form of the program's serial number as a
> > parameter. At the end of the month I scan the logs looking for
> > accesses to that page and decode and lookup the parameter codes to
> > identify which user attempted the access. This requires no database,
> > no backend support on the web site, no script (not-even javascript
> > in the web page) and really should do all that I need to do with
> > this.
> >
> > If you see any problems with this approach, please point them out.
> > Thanks again for answering.
>
> How will your web app know if they are authorized?
There is no app on the web. Just a file which we update from our
office. The program itself uses winInet functions to download a small
binary file of hashed serial numbers of those who are NOT authorised.
We don't have many. The program downloads that file and checks if it's
serial number hash is in the file. If not we presume they are
authorised. It's only serial numbers of customers who did charge-backs
or returned the software for credit and then attempt to continue to use
the programs or credit card thieves where the only thing we know about
them is the program's serial number. Again we don't have more than
maybe a couple of dozen entries. If we were to get thousands of
entries, then it might become necessary to make a simple database and
script on the web site to look up the hash and return a true/false
result but hopefully that will not become necessary.
--
