Save/Change string in Module
- Thread starter rahulgty
- Start date
I want to make changes in module and save string in module, but do not want let user to view the module. In fact I am distributing application with a serial number (generated on the basis of HDD serial). The serial number is stored in a table and a start-up form tally this serial on each start-up. If user try to copy the program on other computer, he get a (input box) message that "to run this application on this computer enter the correct serial no, for serial contact to vendor".
To obtain the manufacturer serial of HDD, I have a separate small utility which generate HDD serial in a text file. On the request of user, I send this small program to user by e-mail attachment. And finally after receiving the HDD serial of user with
payment I use to send algorithm based decoded application serial to my user.
Now problem is that, this number is stored in a table of front-end .mdb, and any curious user can see that and try to decode it. However the module is locked with password, and shift key disabled in properties, but this is very light security, which can be broken easily. Even in after converting the front-end in .mde, the tables are opened. So I want to store this encoded serial in module.
If you have any other idea or suggestion your welcome.
Rahul
To obtain the manufacturer serial of HDD, I have a separate small utility which generate HDD serial in a text file. On the request of user, I send this small program to user by e-mail attachment. And finally after receiving the HDD serial of user with
payment I use to send algorithm based decoded application serial to my user.Now problem is that, this number is stored in a table of front-end .mdb, and any curious user can see that and try to decode it. However the module is locked with password, and shift key disabled in properties, but this is very light security, which can be broken easily. Even in after converting the front-end in .mde, the tables are opened. So I want to store this encoded serial in module.
If you have any other idea or suggestion your welcome.
Rahul
- Local time
- Today, 13:55
- Joined
- Feb 28, 2001
- Messages
- 30,562
Good call, Uncle Gizmo. Database attribute is indeed one way to do this.
rahulgty, you can modify the source string that appears in a database module if you want, but you cannot COMPILE and SAVE the code that results from this change while you are yourself RUNNING THAT SAME CODE. I.e. like the cartoons where a character saws off the tree limb on which he is sitting, you will have a rapid fall to a sad situation. The TECHNICAL reason you can't do this is because the code object is open, therefore cannot be overwritten. It is LOCKED. You have to be in design mode to be able to do this. Which means EXCLUSIVE ACCESS to the module.
Here's another thought, not to be tried unless you are willing to get your hands really dirty digging through the documentation. There are some two-input hashing algorithms that might be useful. They let you input one number and the system derives another number from a parameter you can try to read. Like using code to read registry keys to find the serial number of the disk on which the code is installed, or at least the hardware cpu serial number. You might wish to look up hashing algorithms which can be found in network DLL files so that you could input a string, read another string from the registry, and generate some sort of key.
You might also wish to consider PKI infrastructure. It is possible to have self-generated PKI certificates that you could use to encrypt something. In the latter case, you would self-generate a PKI cert. Then use your private key and this e-mailed value you mentioned to generate a string. You can include your public key in your product to service the decryption step that would allow your code on the user's machine to check that it's on the right box.
I.e.
1. User's CPU s/n --> emailed to you.
2. You encrypt CPU s/n with your private key.
3. You send encrypted output back as product key.
4. Your startup screen asks for key, which your user enters as the product key. You can even store this literal value in a table. If there is a value in the table already, maybe you DON'T ask for a key until you try it first.
5. Remember, your product can "know" your public key. (That's why it is called a PUBLIC key...)
6. Using public key and the encrypted copy of CPU s/n, DECRYPT the user-input string - which should symmetrically decrypt back to the cleartext CPU number, and compare it to the CPU s/n. If the CPU actual s/n matches decrypted CPU s/n, allow other things to happen. If not, ask for another key.
You can even STORE the encrypted key in the DB because without your private key to convert it, it doesn't matter whether or not anyone can see it. Just don't store the decrypted version.
Hope that was clear.
rahulgty, you can modify the source string that appears in a database module if you want, but you cannot COMPILE and SAVE the code that results from this change while you are yourself RUNNING THAT SAME CODE. I.e. like the cartoons where a character saws off the tree limb on which he is sitting, you will have a rapid fall to a sad situation. The TECHNICAL reason you can't do this is because the code object is open, therefore cannot be overwritten. It is LOCKED. You have to be in design mode to be able to do this. Which means EXCLUSIVE ACCESS to the module.
Here's another thought, not to be tried unless you are willing to get your hands really dirty digging through the documentation. There are some two-input hashing algorithms that might be useful. They let you input one number and the system derives another number from a parameter you can try to read. Like using code to read registry keys to find the serial number of the disk on which the code is installed, or at least the hardware cpu serial number. You might wish to look up hashing algorithms which can be found in network DLL files so that you could input a string, read another string from the registry, and generate some sort of key.
You might also wish to consider PKI infrastructure. It is possible to have self-generated PKI certificates that you could use to encrypt something. In the latter case, you would self-generate a PKI cert. Then use your private key and this e-mailed value you mentioned to generate a string. You can include your public key in your product to service the decryption step that would allow your code on the user's machine to check that it's on the right box.
I.e.
1. User's CPU s/n --> emailed to you.
2. You encrypt CPU s/n with your private key.
3. You send encrypted output back as product key.
4. Your startup screen asks for key, which your user enters as the product key. You can even store this literal value in a table. If there is a value in the table already, maybe you DON'T ask for a key until you try it first.
5. Remember, your product can "know" your public key. (That's why it is called a PUBLIC key...)
6. Using public key and the encrypted copy of CPU s/n, DECRYPT the user-input string - which should symmetrically decrypt back to the cleartext CPU number, and compare it to the CPU s/n. If the CPU actual s/n matches decrypted CPU s/n, allow other things to happen. If not, ask for another key.
You can even STORE the encrypted key in the DB because without your private key to convert it, it doesn't matter whether or not anyone can see it. Just don't store the decrypted version.
Hope that was clear.
Thanks Uncle Gizmo, I will be grateful if u will please show me the way how to store string in property of database.
Also thanks to The Doc Man,
I am doing same thing, instead of CPU s/n I am using same thing with HDD s/n. I encrypt the HDD s/n and send to user, which he enter once in a form, which appear only if he try to run application on another PC. As the encrypted number store in table and a code on startup form retrieve the HDD sl no and encrypt it and match with s/n stored in table. But I want to store that encrypted s/n on such a place in my database that no one can see that.
One more thing, I also want to avoid unnecessary correspondence if user formats his hard drive. For which, at present I am using code which retrieve HDD manufacturer s/n, not the drive no.
Thanks again to both of you.
Also thanks to The Doc Man,
I am doing same thing, instead of CPU s/n I am using same thing with HDD s/n. I encrypt the HDD s/n and send to user, which he enter once in a form, which appear only if he try to run application on another PC. As the encrypted number store in table and a code on startup form retrieve the HDD sl no and encrypt it and match with s/n stored in table. But I want to store that encrypted s/n on such a place in my database that no one can see that.
One more thing, I also want to avoid unnecessary correspondence if user formats his hard drive. For which, at present I am using code which retrieve HDD manufacturer s/n, not the drive no.
Thanks again to both of you.
davidbenson34
New member
- Local time
- Today, 14:55
- Joined
- Apr 2, 2008
- Messages
- 4
HDD Manufacturer's Serial
This is a little side question relating to this thread. I am using VBA to validate that a machine has not changed and have been looking for a way to extract the HDD manufacturer's Serial using VBA and store it as a constant. Would you be willing to share the code you use to extract it? Thanks in advance for any assistance!
David
This is a little side question relating to this thread. I am using VBA to validate that a machine has not changed and have been looking for a way to extract the HDD manufacturer's Serial using VBA and store it as a constant. Would you be willing to share the code you use to extract it? Thanks in advance for any assistance!
David
Similar threads
