Serial Registration/Activation Thoughts
Posted: Sun Aug 17, 2014 9:00 am
Hey, so... this subject again.
I'm working on a couple of plugins that I intend to sell for a small price. I've been weighing my options on how to work out a purchase/activation mechanism.
Some key points:
- I have no intention of locking out "hackers," "crackers" or "pirates." If they want to crack the thing they will do so one way or another so there's no point even trying to prevent that.
- This topic isn't about the algorithms involved in encrypting/decrypting and such. I can figure that out later.
- Yes, I know I could just give it away free and then beg for donations, but I've already decided against that.
What I DO want to do is provide a very simple password registration process that will offer a thin layer of protection, just enough to discourage people from simply handing it out to their buddies like it's nothing.
So the idea of how I'd like it to go is they buy, their payment details hit server side code, they receive an email with an activation code generated based on their email address. Then they'd just type in their email and the code in the plugin and it would be unlocked.
The clear issue here and the main point of this topic is that I would like there to be just one extra layer of protection involved somehow, because it would be so easy to buy the plugin and then post your email/code on some internet forum for all to use. But I don't know of a simple and unobtrusive way to do it.
There are the HDSerial and MAC address values available. But both of these are flawed solutions. People change hardware, move files, and I want to avoid web-based activation if possible.
Another idea I've had so far is also flawed. If I could generate a code that was linked to the current time/date, and then make it valid for only say 48 hours (the buyer could send an email to request a new code), that could limit widespread sharing. But in order for it to work, either the buyer's system time would have to be assumed accurate (and they could simply change it if they knew), or it would have to access a web server.
At this point I'm just looking for ideas. I want it to be quick and painless for the end user, and just barely secure enough to make someone feel like they'd have to make an effort to give it away for free. Any thoughts are welcome. Thank you.
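Added example, not part of the original post or the poster's code: a sketch of the flow described above, where the server derives the code from the buyer's email and the plugin checks it offline, including the 48-hour validity idea. HMAC-SHA256, the demo key, the code layout and the function names are assumptions; the post leaves the algorithm open.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption). To verify offline, the plugin has to
# embed the same key the server uses.
KEY = b"constructed-demo-key"
WINDOW = 48 * 3600  # the 48-hour validity window from the post, in seconds


def _mac(key: bytes, email: str, issued_at: int) -> str:
    """80-bit truncated HMAC-SHA256 over normalized email and issue time."""
    msg = f"{email.strip().lower()}|{issued_at}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:10]
    return base64.b32encode(tag).decode()  # 10 bytes -> 16 chars, no padding


def issue_code(key: bytes, email: str, issued_at: int) -> str:
    """Server side: hex issue time followed by the MAC, grouped for typing."""
    body = f"{issued_at:08X}{_mac(key, email, issued_at)}"
    return "-".join(body[i:i + 4] for i in range(0, len(body), 4))


def check_code(key: bytes, email: str, code: str, now: int) -> str:
    """Plugin side: returns 'ok', 'bad-code' or 'expired'.

    `now` is whatever clock the plugin trusts; offline, the system clock.
    """
    body = code.replace("-", "").replace(" ", "").upper()
    if len(body) != 24:
        return "bad-code"
    try:
        issued_at = int(body[:8], 16)
    except ValueError:
        return "bad-code"
    expected = _mac(key, email, issued_at)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(body[8:].encode(), expected.encode()):
        return "bad-code"
    if not 0 <= now - issued_at <= WINDOW:
        return "expired"
    return "ok"
```

Because `now` is supplied by the caller, an expired code is accepted again once the clock is set back inside the window, and nothing in the check ties the email/code pair to one machine.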