IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [license-enforcement]

License enforcement the application of an access control policy on code, restricting the environments in which it may be executed.

License enforcement is a type of digital rights management where the access control restrictions concern code. For example, a license enforcement policy might constrain the code to be executed on a particular machine, or only on a single machine at once. Use this tag for questions about code licensing schemes, license key management, copy protection mechanisms, etc. See also , .

47 questions
38
votes
5 answers

Is it really Security Misconfiguration to show a version number?

Our web application uses a HTML file with jQuery embedded inside. According to the jQuery license (https://jquery.org/license/), we have to leave the license header intact, including the version number. Our client reported exposure of the product…
stormtrooper
  • 481
  • 1
  • 4
  • 4
34
votes
11 answers

Can 'cracked' product keys harm the user in any way?

If a user download commercial software through the official, corresponding website, but use a product key which you did not legitimately purchase (e.g. websites that offer a list of product keys for free), does that harm anything other than the…
Ben
  • 343
  • 1
  • 3
  • 4
16
votes
3 answers

License key / Serial number generator and checker

I need a serial number generator and accompanying checker. I would like to be able to set a salt (and maybe a length). The generator should only produce serial numbers that pass the test of the checker. Those numbers should only account for a small…
Dave
  • 261
  • 1
  • 2
  • 6
8
votes
3 answers

A safe license System

So I'm trying to think of a good way to check if the license key a user supplies for a program is legit or not. Let's suppose this is the way they get there license They make some type of purchase. A server generates a license based on their…
Austin
  • 733
  • 6
  • 14
4
votes
2 answers

How can I generate short signatures?

I'm looking to create a licensing system, and I need a serial generation scheme. I want to sign some data with a private key and verify it with a public key embedded in the software. I don't need something that is easily typable, only easily…
Ziv
  • 201
  • 2
  • 4
4
votes
1 answer

Encrypting/decrypting our license key

We need to provide a license key to customers for our application. The actual license is XML but we need to encrypt it and then in our program decrypt it. I think it is the following, but am asking to make sure I'm not missing something (the below…
David Thielen
  • 383
  • 1
  • 4
  • 13
4
votes
5 answers

Should you notify software vendors that their software has been cracked?

Apologies if this is not the right place to ask this question, I will happily move it to another Stack Exchange site if need be. Before I explain the rationale behind the question, let me clear up a few things first. I enjoy cracking software, for…
BrutalDev
  • 202
  • 2
  • 9
4
votes
1 answer

The best ways to persist the license client information in the database

I develop a license server and a license client system (Java based applications). The flow is the following: The license is stored on the license server The client application includes a license client component. The license client connects to…
Michael
  • 1,457
  • 1
  • 18
  • 36
4
votes
1 answer

Storing License Keys

I'm creating an application which generates licenses key and stores this in a database (the licenses are checked online). I don't wish to store these license unhashed, in case the database is stolen. However, once the license key is hashed (with…
Stephen Harris
  • 143
  • 5
4
votes
2 answers

C++ binary obfuscation: how to get around license checks being a simple if/then branches?

I'm looking into binary obfuscation for an exectuable binary written in C++. I realize preventing cracks is impossible, but making it slightly harder would be nice. No matter how complex the actual license scheme is, I can't think of a way to…
Tyson
  • 143
  • 3
3
votes
1 answer

How to notify Adobe about a software issue

Recently, I stumbled upon a way to reset the software trial of any product under the adobe suite. It's as simple as changing some attributes within a few files. I'm assuming that it can be deemed an issue because it shows no signs of piracy (such as…
rolexgold18
  • 55
  • 1
3
votes
2 answers

Client-Server Authentication Security Issue

This is a repost, because i accidentialy posted on stackoverflow first I was wondering how i could achieve a high security level, using Client-Server Authentication. Below is a rough draft of what i thought about: Let me explain it a bit more: The…
ZZ_James
  • 33
  • 5
2
votes
2 answers

Obstacle in Implementing a Time Limited/Number of Use Limited Software

How does one implement a trial period in a product properly, e.g. a trial period that lasts 30 days, or limits the number of product uses to 10? Storing the entries, even in an encrypted form, isn't secure: Users can backup the registry values, and…
techno
  • 475
  • 1
  • 4
  • 13
2
votes
1 answer

Examples for practicing reverse engineering/disassembly of win32 .executables

I remember back in the day, there used to be a website where users would post hackits in the form of win32 exes for users to crack. Usually the goal was to defeat some sort of DRM, such as a nag screen, etc. The challenges would be classified by…
nedR
  • 315
  • 1
  • 11
2
votes
1 answer

Manufacturer-assigned hard-disk serial number as licensing ID

I'm deploying software that is licensed based on uniquely identifiable computer characteristics. I am wondering about the Manufacturer-assigned serial number of an internal fixed hard-disk. To be clear, I am not referring to the Volume Serial…
Joe
  • 133
  • 3
1
2 3 4