Protecting the database - what kind of solution?

Hellgofi

Hi there,

I have built an Access solution for a music school. It was installed on 3 machines.

I'd like to protect my database from installing onto another machine without my permission.

I did install the database as an mde file so they cannot see my code. However, if they copy the database to another machine (esp. another machine in a different school) they can use my software without my permission. How can I prevent this? If they copy the mde file onto an unauthorized machine, the database should work as a demo version (such as limiting the number of records in tables to 10). How can I do this? What should I check: hd id, mainboard serial, or what? Is there any ready solution (at least modifiable) for that kind of problem?

regards
 
There are a number of shareware programs that support Access in this manner.
Personally I haven't seen any freeware programs that address this issue, although I believe I have seen code somewhere on the net that binds an application to hardware devices, don't remember where... There are some examples here at this site on a 30 day trial etc., but I don't think they are hardware bound.
If you don't want to spend a lot of money, here are a few choices... there are others that add more functionality and price. Do a web search on Software Licensing or Software Protection.

Zapper Software

KeyedAccess


Most vendors that support Licensing are geared toward either VB6 or .Net, with some (few) supporting Access. There is a big price spread between them and functionality too. If you are serious, spend some time doing research, make a list of what you want to do (where you want to go... expand or support both Access and .Net etc.) and check their support plans/ options / reviews.
They go from just simple protection to also selling your application (providing a web site to download, buy, provide or distribute licenses etc.) for a fee.
 
You can use code to detect the user's computer name.

You can use code to detect the serial number of the user's C:\ drive.

I have posted code on the above. Use the advanced search option to find it.

Then you can create a function that verifies the user's information and if it is not in your code then you can close the database. You will not be able to store that info in a table, for a user can easily modify it, even in an mde version.

If you used true Access security then you could protect the table by assigning a user workgroup and permissions.

Making your db run with the Runtime version of Access is another option for more control.

I have used an install routine that places a "special" [non .mdb] file on the user's hard drive. The db always checks for the "special" file and auto closes the db if it cannot find the "special" file.

For more control you will have to perform the installation yourself on each computer to ensure that the user is not able to circumvent or take the "extra" stuff you use during the installation. That would prevent the user from transporting your application to another computer since they will not have the "extra" stuff that only you have.

All of the above options are the cheap way to do what you ask. There are other methods that are more professional but they will cost you. Your need will determine the route you take.

Good luck!
 
@WindSailor
Thanks for the links, KeyedAccess seems to be a nice add-in but it's quite expensive.

@ghudson

Putting a "special" file on a disk is a nice idea. At least they cannot run the database without my permission. I couldn't find such an install routine in your posts. Could you pls share it with me?

regards
 
Hellgofi:

What I do is:

1) There is a screen that is always the first screen to open. (e.g. Splash or client info screen, etc)

2) When that screen opens, it checks if there is a key in the registry that indicates that the program is "unlocked" on the computer.

3) If the key is not there, it gives the user a number (I use a 10 digit random number). The user has to call my office and receive a "registration code", which is the random number generated put through some algorithm (e.g. divide by 14, add 12, etc...). When the user types in that number, the registry key mentioned in 2) is set as unlocked.

It's up to you to decide on where to bury the key (don't make it too easy!) and what the algorithm should be! Don't forget to hide the code so the user can't use the SHIFT bypass to look at it!


I hope this helps

SHADOW
 
Ps

I just wanted to add 2 things:

1) The way I've set up that login screen is that if you type in 'DEMO', you don't need a registration code, but it stores the date in another registry key indicating when the demo period is up.

2) This system works even on a network. We charge per computer that uses the program, so every time they add another computer to the LAN, they need another code, and send another cheque. :D

SHADOW
 
I create a text file then I rename it as my "special" file with a special extension that will not open up if a curious user were to find it and try to double click on it to open it.

The below function is the basic routine [but not everything] that I run when the db is first opened. I keep a copy of the special file on a USB drive just in case I need to run it on the go. My routine will close the db if the special file is not found.

I use the WinZip Self-Extractor 2.2 version of WinZip for my users to install [extract] the necessary files to their hard drive. The WinZip Self-Extractor 2.2 version allows you to lock the extraction process so that the user cannot alter where the files are extracted to.

You could create a text file from code and use that as a part of your installation process. There is code floating around on how to do that. There are a lot of ways to booby trap an mdb file. My method works when needed for I am the only one who performs the installation so I know the user never has a copy of the self extracting file. I only have a couple of db's that I worry about being transported and my home made method suits my needs.

Code:
Public Function Verify_Special_File()
On Error GoTo Err_Verify_Special_File

    Dim sFile As String
    Dim sLocal As String
    
    'location of your special file
    sFile = "C:\SomeWhere\SpecialFile.xyz"
    'this allows me to run the file off of a USB drive
    sLocal = Left(CurrentDb.Name, Len(CurrentDb.Name) - Len(Dir(CurrentDb.Name))) & "SpecialFile.xyz"

    If Dir(sFile) = "" Then
        If Dir(sLocal) = "" Then
            Application.Quit acQuitSaveNone
        End If
    End If
    
Exit_Verify_Special_File:
    Exit Function
    
Err_Verify_Special_File:
    MsgBox Err.Number & " - " & Err.Description
    Resume Exit_Verify_Special_File
    
End Function

Shadow, could you post your method so that the others can see how to check and edit the registry? There is a lot of code involved and it might be more than some can handle. Forcing a registration code is a good way to see who is using and installing your db.
 
shadow9449 said:
I just wanted to add 2 things:

1) The way I've set up that login screen is that if you type in 'DEMO', you don't need a registration code, but it stores the date in another registry key indicating when the demo period is up.

2) This system works even on a network. We charge per computer that uses the program, so every time they add another computer to the LAN, they need another code, and send another cheque. :D

SHADOW

That's it :) What I'd like to do exactly matches that solution. Capability of running on a network is great! I'd appreciate it if you share it. I don't know anything about editing the registry so pls give some details about your solution.

@ghudson
thanks a lot, this is quite simple yet effective solution. Thanks for sharing the code.
 
Code:
If VBA.GetSetting(appname:="ABC", Section:="DEF", Key:="XYZ", Default:="XX") = YY Then
    ' ...
Else
    DoCmd.OpenForm "Login"
End If

I replaced my actual data with ABC, DEF and XYZ, XX, and YY but you get the idea. This is to check for the key.

Code:
If Me.Register = Int(XXXXXXXX) Then
    VBA.SaveSetting "ABC", "DEF", "XYZ", XX
End If

This is to set the key using the algorithm which I replaced with XXXXXX.

For more information, check the Help on Savesetting and Getsetting. It will all make sense. (By the way, that's how I figured out how to do it in the first place!)

Let me know how it goes!

SHADOW
 
I have been trying to apply Shadow's suggestions to my database for the last 3 days. However, I couldn't come up with a working solution :( I am now using Ghudson's method (at least they cannot copy my database without my permission).

What I did can be summarized as follows:

I prepared a splash screen to check whether or not the correct key is in the registry. If it's not there, then some code is working on each form. This code is simply checking the number of records in some tables and if the maximum number of records is reached then it shows a message like "this is demo, call my number xxx" and closes the form. Actually at this point, I can make a simple workaround solution: if they call me, I can give them a small program which writes the correct key into the registry. (but ppl can use this small software to unlock other database installations, so it's not a real solution, fcuk :()

What I like to do is something different than this.

If the correct key is not in the registry then the database should produce a random number (such as hard disk serial number*2/3). Then with this random number, I should be able to produce an "unlock code". That is, the database should give different random numbers for each machine and I should be able to produce a different unlock code for each machine. If the user enters the unlock code then the database should write the correct key into the registry. This is the part I couldn't solve :(

Producing a random number and unlock code is not a problem. However, I couldn't find a way for this: how can the database check the correctness of the unlock code? If the unlock code is true then it can write the key into the registry. However, I couldn't find a way to solve this.

At this point (as an inexperienced VBA user and programmer) I need a mock-up database or some other hints about this problem.

Hope Shadow9449 can prepare such a mock-up or give some extra info about his solution.

regards
 
I will quote from my explanation:

if the key is not there, it gives the user a number (I use a 10 digit random number). The user has to call my office and receive a "registration code", which is the random number generated put through some algorithm (e.g. divide by 14, add 12, etc...). When the user types in that number, the registry key mentioned in 2) is set as unlocked.

Let's say the algorithm is to divide the random number by 10 and add 4. The user gets the random number 4380. They then call my office and a support person will tell them to type in 442. When they type in that number, the computer checks to see that it correctly corresponds with the algorithm. If it does, it puts a key in the registry that indicates that this computer is unlocked.

Every time the program turns on, it checks if it's unlocked (while displaying the splash screen). If it is, it just continues. If it is not, it gives that login screen with a random number.

Is this more clear now?

SHADOW
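
The check described in the two posts above, as an added VBA sketch that is not any poster's own code. Assumptions: the "ABC"/"DEF"/"XYZ" registry names are the thread's placeholders, the "Main" form name is hypothetical, the formula is the thread's "divide by 10 and add 4" illustration, and the confirmation number comes from the C: volume serial (read through Scripting.FileSystemObject) instead of a random number so that it differs per machine.

```vba
Option Explicit

' Placeholder registry location, as in the thread; choose your own.
Private Const APP_NAME As String = "ABC"
Private Const REG_SECTION As String = "DEF"
Private Const REG_KEY As String = "XYZ"

' Number shown on the login screen. Derived from the C: volume serial,
' so each machine displays a different confirmation number.
Public Function ConfirmationNumber() As Long
    Dim fso As Object
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' SerialNumber may be negative; clearing the sign bit keeps it positive.
    ConfirmationNumber = fso.GetDrive("C:").SerialNumber And &H7FFFFFFF
End Function

' Illustration formula from the thread: 4380 -> 4380 \ 10 + 4 = 442.
' The vendor's unlocker program applies the same function.
Public Function ExpectedCode(ByVal confirmation As Long) As Long
    ExpectedCode = confirmation \ 10 + 4
End Function

' The registry holds the registration code itself, not a fixed flag.
' It is re-checked against this machine's number on every start, so a
' value copied from another PC's registry does not unlock this one.
Public Function IsRegistered() As Boolean
    Dim stored As String
    stored = GetSetting(APP_NAME, REG_SECTION, REG_KEY, "")
    IsRegistered = (stored = CStr(ExpectedCode(ConfirmationNumber())))
End Function

' Called by the login form's OK button with the code the user typed.
Public Function TryRegister(ByVal typedCode As String) As Boolean
    Dim code As String
    code = Trim$(typedCode)
    If code = CStr(ExpectedCode(ConfirmationNumber())) Then
        SaveSetting APP_NAME, REG_SECTION, REG_KEY, code
        TryRegister = True
    End If
End Function

' Called from the splash screen when the database opens.
Public Sub CheckRegistrationOnStartup()
    If IsRegistered() Then
        DoCmd.OpenForm "Main"    ' hypothetical main form name
    Else
        DoCmd.OpenForm "Login"   ' shows ConfirmationNumber() to the user
    End If
End Sub
```

The volume serial changes when the drive is reformatted, so a reinstall after a format needs a new code. The formula ships inside the mde, so the check is only as strong as the protection of the code modules.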
 
shadow9449 said:
Hellgofi:

What I do is:

1) There is a screen that is always the first screen to open. (e.g. Splash or client info screen, etc)

2) When that screen opens, it checks if there is a key in the registry that indicates that the program is "unlocked" on the computer.

3) if the key is not there, it gives the user a number (I use a 10 digit random number). The user has to call my office and receive a "registration code", which is the random number generated put through some algorithm (e.g. divide by 14, add 12, etc...). When the user types in that number, the registry key mentioned in 2) is set as unlocked.

It's up to you to decide on where to bury the key (don't make it too easy!) and what the algorithm should be! Don't forget to hide the code so the user can't use the SHIFT bypass to look at it!


I hope this helps
I just wanted to add 2 things:

1) The way I've set up that login screen is that if you type in 'DEMO', you don't need a registration code, but it stores the date in another registry key indicating when the demo period is up.

2) This system works even on a network. We charge per computer that uses the program, so every time they add another computer to the LAN, they need another code, and send another cheque.
SHADOW
Do you have a working mockup of this solution that you could share so I could see where things go and how it works? :)

cheers
optidisk
 
optidisk said:
Do you have a working mockup of this solution that you could share so i could see where things go and how it works. :)

cheers
optidisk

I would have to prepare one. Someone else asked me for one, so I'll do it when I get a chance.

It's not a simple matter of pulling out some forms from my programs. I have to change all the details because you can bet that I'm not posting specifics (e.g. algorithms, places where the key is stored, etc) on the internet! Also, I would need to create a corresponding unlocker that interprets the algorithm. I created the one that I use in VB, so that would be part of the mockup.

I'm giving a seminar at a university on Thurs, so maybe over the weekend, ok?

SHADOW
 
shadow9449 said:
I would have to prepare one. Someone else asked me for one, so I'll do it when I get a chance.

It's not a simple matter of pulling out some forms from my programs. I have to change all the details because you can bet that I'm not posting specifics (e.g. algorithms, places where the key is stored, etc) on the internet! Also, I would need to create a corresponding unlocker that interprets the algorithm. I created the one that I use in VB, so that would be part of the mockup.

I'm giving a seminar at a university on Thurs, so maybe over the weekend, ok?

SHADOW

Thanks Shadow, looking forward to it
 
Thanks Shadow, very much appreciated

cheers
optidisk
 
OK, here it is.

I recommend that you use the Help file to learn more about Getsetting, Savesetting, and how to generate random numbers.

Instructions:

When the program is initially run, the splash screen checks for a key in the registry using the "Getsetting" command. If it's not there, it loads a login screen. If it is there, then it loads the program's main screen.

The login screen has a random number as a "Confirmation number". In order to "unlock" the program, the user has to type in a corresponding "Registration Code". The relationship between the 2 numbers is up to you. In this example, all I did was divide by 4000 and throw away the fraction.

The user calls my office and tells the person who answers the phone what code the program displays. She will then punch it into a program that I created that does the conversion. (No one but me knows the formula). The user will type the number into the Registration Code box and press "OK". If they match, then a key is stored in the registry indicating that the program has been registered using the "Savesetting" command.

The next time the program is launched, this key will be detected and it will go straight to the main form.

Notes:


  • In actuality, I use a far more complex formula than just dividing by 4000.
  • In this example, I had it display what you should enter for the registration code in the bottom left, in case you don't have a calculator to divide by 4000. I am trying to save you time because I'm a nice guy
  • The program saves the number 100 in the registry under: HK Current User, Software, VB And VB Program settings, Test, Section , Secure. I recommend you put it somewhere else to make it harder to find.
  • I allow users to type the word "DEMO" in, and it stores the date. In the future, if the '100' is not found, then it checks if the date is in there, and sees if you are still in the 2 week demo period.
  • This program enters a setting into your registry. If you do not want this to happen, PLEASE DO NOT USE IT.

If this program helps you or you have ways to improve it, please let me know.

Here's the program:
 
Thanks very much shadow, I can understand it now that I have seen the code and how it is attached. BTW typing in the word DEMO didn't work, did you not include that feature - I couldn't find a reference to it in the procedures. What, and where, would I have to write into the procedure to have this function available?

cheers
optidisk
 
typing in the word DEMO didn't work, did you not include that feature

Correct.

It should be easy to have the login screen check for the word "DEMO" when OK is pressed, and then store the date in the registry.

THEN, when checking for the registry code (100 in our example), then if that fails, check for a date and see if we're still in the demo period.

SHADOW
 
I thought that would be how to do it but was just checking.
Thanks again
cheers
optidisk
 
I just wanted to simplify the example.

I recommend that if you are doing this that you at a minimum disable the F11 key; disable the ability to right click; and password protect the code modules. Otherwise it would take less than 5 minutes for an Access-savvy user to disarm your security.

I also recommend disabling the SHIFT bypass. If you do all that, then it's unlikely that the user will hack it.

SHADOW
 
