License File for Custom Application
I would like to create a tool to provide an encrypted, binary license file to limit my customers to only the features and instances that they are licensed for. I was thinking something along the lines of this:
1. A simple Web Application on my side to create the license file with inputs of server hostname, features, and concurrent users. This Web Application would then generate the encrypted license file to either a local share or to a customer-facing portal.
2. My application would check for this encrypted file on startup and not run if the license file was missing, corrupt, or expired.
3. My application would only read this file once on startup and cache all system information, i.e. hostname, features, concurrent users, etc.
Does anyone see any immediate problems with this high-level design, any suggestions / improvements? Should I use thejava.security.Signature class? Are there any examples or tutorials out there to get me going?
Thanks in advance for your help / experience.
[1058 byte] By [
pennstumpa] at [2007-10-1 17:39:39]
OK, so I'm down to two approaches.
1. Write to a Properties file, then encrypt the file.
2. Serialize a License Class to a String, encrypt the String, then write the output to a file.
Does anyone see a problem with one of these approaches, or see why one reason might be better than the other? I really appreciate anyone taking a second to think this over. Thanks.
I am also trying to secure my JEE application using a license file, I am still considering different approaches and designs directions ,
my comments about your direction is that checking on the startup only is not suffecient, you may want to issue and evaluation or time limited versions. In my application the license is time limited, so I cannot depend on server startup.
I am creating a JEE application that will be sold to customers bundled with JBoss as default application server, the application is not free, the license requirements are like this:
- Hardware based: e.g. MAC address of the NIC.
- Licenses should be issued per server (in a cluster)
- Licenses should have maximum number of connected clients, we will have rich clients running as Webstart application and connected to JBoss via remote EJB interfaces.
- Licenses should have validity period (or expiration date)
Challenges:
1- the server will be running continuously (hopefully :)), which means I cannot only check for the license in the start of the application but also periodically. what is the best approach to do this in JBoss?. A solution might be background thread to continuously read the license file and update a 揕icense?object in a shared repository (memory, JNDI, etc) , but how to secure this repository from outside changes?
2- How to control the number of connected clients? I think this is not a JEE standard (it is not a webapplication , my clients are using EJB remote calls), any recommendations here?
3- How to Check for Hardware properties Mac address inside JBoss (and in Java in general) ?
Any help or suggestions about this are high appreciated
