Date stamp a stack
J. Landman Gay
jacque at hyperactivesw.com
Tue Dec 30 11:36:43 EST 2008
Bill Marriott wrote:
> But perhaps you're a little modest.
I've been accused of that before. :)
> Yes, there are a variety of schemes for trials, and not all of them are
> time-limited. Some publishers offer a limited number of program launches
> before a trial ends, instead of a specific timeframe, for example.
Right, everyone's needs will be different. My primary concern is that
whatever method Zygodact might use, if it is cracked, then everyone who
has integrated Zygodact into their work will be affected if word gets
out. So I'm thinking it would be better if software authors use whatever
method they prefer to track trial dates, and the more varied, the better.
Zygodact's internal registration scheme is unique for each user copy, so
it doesn't matter if "word gets out" on that aspect. Even if someone
discovers how it's done, it would be very difficult to decrypt that
particular copy's hash scheme.
> Since Zygodact generates the activation codes, I think it would be a handy,
> optional feature to bake an encoded expiry date into trial codes, ala
> Revolution trials. The developer can't really customize that aspect of the
> system, right? Hm, maybe if they appended an encoded date before/after/into
> the code generated by Zygodact?
> Anyway, codes with embedded expiry dates is probably a more foolproof way to
> ensure people don't abuse trials. A weakness of the hidden stack/file
> approach is that a user can simply find that file and delete it to
> reactivate a trial.
That's the problem. I've written other client registration schemes with
embedded expiration dates and they work fine, but we kept the user
database on a server and the app had to "call home" to check its own
validity. TeachMac is one example that uses Zygodact's algorithm, but
since it is a fully online training system, contacting a server is a
normal part of its activity. But most people don't want their software
to require online access (and I personally don't like it at all.)
Zygodact does return data to the scripts that will allow authors to use
the server method if they want to, but I leave that up to the author.
> This way, they have to request a new key to keep a trial
> going. Not perfect, but you could at least see when emails keep coming in
> from the same IP address, mail server, etc. (Without the kind of "phone
> home" activation most users find offensive, you can't really do anything
> about determined trial abusers.)
I'm thinking about this about for a future update, among other features.
But again, the problem is in using a method that would affect all
Zygodact users if it were discovered.
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the Use-livecode