View previous topic :: View next topic |
Author |
Message |
sun21170 Guest
|
Posted: Thu Jan 07, 2021 11:48 am Post subject: Encrypted licensing question |
|
|
I am trying to understand ILS by running the Licensed ASP.Net Application sample.
I have a couple of questions regarding Licensed ASP.Net Application sample.
1. Does ILS use asymmetric encryption?
2. When I input an arbitrary string in license key textbox and click on Install License, then I get an Invalid License Key message. However, if I input a license key that I generate from License Tracker application for the asp.net product, then it is accepted and license file is created. How does ILS know that license key is valid when no database call is being made?
If license key is not checked against database then the same license file can be used in other web applications that have not purchased a valid license. |
|
Back to top |
|
|
sun21170 Guest
|
Posted: Mon Jan 11, 2021 8:01 am Post subject: |
|
|
Regarding point number 2 in my original question, I noticed a loophole in ILS.
I had created 2 products called LicensedWebsite and Another Licensed Website with same Basic License Settings. I used the existing sample of LicensedWebApp that comes with ILS download. I generated a new license key for both the above products.
The problem I noticed was that if I input the first or second product's license key, it gets accepted and a license file was created. Only one product's license should be accepted.
This is a problem because it means that a single license key could be shared by a customer with others and each of these other customers would then have a validated license key to use my software product without having to pay for a license. |
|
Back to top |
|
|
Infralution
Joined: 28 Feb 2005 Posts: 5027
|
Posted: Thu Jan 14, 2021 9:52 pm Post subject: |
|
|
The encryption is based on the Product and Authentication Passwords that you enter when configuring the product. For the evaluation we only allow a single password of "Test" which does mean you can only really evaluate a single product. For a real usage each product should have a separate password to avoid this _________________ Infralution Support |
|
Back to top |
|
|
|