I have a VB.NET application that I would like the user to be able to run for a fixed period, then have it switch to a partially restricted mode. I have the code in place to do that, as well as code to encrypt data. What I need is to be able to track the date the application is first used. And have the date saved somewhere and in a format that the user is not likely to be able to reset it. Is there a preferred way to do this, such as some obscure Registry key?
If it 100 percent requires this, then you need to store the information in your server. This is quite hard to do. If it doesn't need to 100 percent high security, you can use Settings in your application, or the registry. Here is a good tutorial on using settings in your application: http://www.dreamincode.net/forums/topic/72654-using-settings/.
If you want to use the registry, then here is a good tutorial on that: https://msdn.microsoft.com/en-us/library/85t3c3hf.aspx. Note that using the registry requires administrator privileges.
Related
I want to make use of registry to store installation date.
This would allow me to check application expiry on each run, so when I install my application on any PC the registry subkey will be created and store current date as installation date.
I am using Visual Studio Installer Set up and Deployment.
If you have any other suggestion to achieve this, please share.
As a general answer, create a registry item and put the appropriate Windows Installer property there, in this case [Date] in square brackets, case-sensitive, just like you'd put [TARGETDIR] to record the installation folder. This avoids code.
However it is a bad idea, as the comments point out. Apart from the fact that it can be defeated, the poor person that installs it then can't use it for a week is in trouble. You should start the clock on first run of the app. That's fair and accurate.
Otherwise, give each user something unique, maybe a license key, and have the app call into your company's web service on first run, saying "this key started now", then you can check every time the app runs and say no after the timer has expired, then you're using your company's clock, not the user's.
I am in the process of building a completely fresh version of an application that has been in existence for a good many years. I can look back with horror now at some of the things I had done, but the whole point of life is to learn as we go along. The nice thing now is that I have a clean slate from which to work, and it's because of that that I thought that I would seek some advice from you all.
User settings are great for those things that each individual user would naturally want to and ought to be able to change, a theme or visual style for example. Application settings should quite obviously apply to the entire application irrespective of whoever uses it.
Somewhere in the middle though are a set of settings that I would like to give the system administrator the opportunity to change (default work periods, appointment time slots, the currency the company wants to use as its main trading one etc etc). These can't be user settings because individual users should not be able to change them, nor should they be application settings because I as the developer have no idea what the end user (or to be more exact the senior end user) would want to set them to.
Many years ago I might have considered writing such settings to the registry, or an ini file. I could perhaps (as this is an application that is tightly integrated with its own custom database) create a one off settings table, and read in the relevant settings at program startup. I could perhaps opt for a separate 'universal settings' xml configuration file stored in the all users directory. Clearly a number of options.
What I would like to try and establish though is the most efficient way to approach this. What is the best trade off between file read and write operations as against reading everything into a set of public constants at application start-up? These are not going to be settings that will only be referred to occasionally so efficiency is going to be key.
Just so that there is no ambiguity as to what the application will be. Traditional winforms, using vs 2012 as the development ide and vb.net as the code base based on .net4.5 and ef 5.0. Backend data to be stored in either sql express or full sql server. Target operating system for end users will be windows 7 or above (so due respect for the uac will be required).
I'd welcome any suggestions that you might have.
For my VB.NET applications, I am wanting the user to have a free trial for x amount of days.
Where is the best place to record the amount of days past?
In the registry? Can't someone just delete the registry key, and then have the full x amount of days again?
Is there a better way?
Anything you store on the user machine could be compromised.
If you are serious about this thing then your "best" option is to have a webservice that your apps call at every startup passing some form of identification string.
(And this could be compromised too).
For the purpose to generate an identification string you could look at this question and the following answers
It doesn't matter where you store something on the local machine because it can always be removed.
A user could start up a Virtual PC install your app, and then roll back the virtual PC after 28 days and install again.
One option is to generate a key that is unique to the machine and then verify this with a web service. This is not completely hacker proof but it is better.
You could add some information to any file saved with the trial version of your app which is unique to that specific version of the app (perhaps a timestamp from when it was installed).
When a trial version of your app tries to open a file, it will check this signature and ensure that it was created with that same instance, otherwise refuse to open the file.
This essentially neuters the ability to simply reinstall the app and continue using it.
I am writing a program in Objective-C (Xcode 3.2, on Snow Leopard) that is capable of either selectively blocking certain sites for a duration or only allow certain sites (and thus block all others) for a duration. The reasoning behind this program is rather simple. I tend to get distracted when I have full internet access, but I do need internet access during my working hours to get to a number of work-related websites. Clearly, this is not a permanent block, but only helps me to focus whenever I find myself wandering a bit too much.
At the moment, I am using a Unix script that is called via AppleScript to obtain Administrator permissions. It then activates a number of ipfw rules and clears those after a specific duration to restore full internet access. Simple and effective, but since I am running as a standard user, it gets cumbersome to enter my administrator password each and every time I want to go "offline". Furthermore, this is a great opportunity to learn to work with XCode and Objective-C. At the moment, everything works as expected, minus the actual blocking. I can add a number of sites in a list, specify whether or not I want to block or allow these websites and I can "start" the blocking by specifying a time until which I want to stay "offline".
However, I find it hard to obtain clear information on how I can run a privileged Unix command from Objective-C. Ideally, I would like to be able to store information with respect to the Administrator account into the Keychain to use these later on, so that I can simply move into "offline" mode with the convenience of clicking a button. Even more ideally, there might be some class in Objective-C with which I can block access to some/all websites for this particular user without needing to rely on privileged Unix commands. A third possibility is in starting this program with root permissions and the reducing the permissions until I need them, but since this is a GUI application that is nested in the menu bar of OS X, the results are rather awkward and getting it to run each and every time with root permission is no easy task.
Anyone who can offer me some pointers or advice? Please, no security-warnings, I am fully aware that what I want to do is a potential security threat.
If you want to do something with admin privileges, and you don't want to have to authenticate each time, it sounds like you need to look at setuid.
Make little command-line executable to do the rule changing, and then set that tool's owner to root. Then, set the setuid bit. Now, you can run it as a user and it will run as root.
Look here for more info:
http://en.wikipedia.org/wiki/Setuid
You have to create a separate process that runs with higher privileges. Have a look at the BetterAuthorizationSample on how to run such helper applications using launchd.
is there an api to change the Access Permissions for the COM Security? i need to write new values to "Edit Limits..." and "Edit Default...". are these plain registry settings? can't find how to set these entries.
The quick answer is Yes they are registry settings, the long answer is No they are not simple registry settings. The values are binary and point to an ACL structure. In order to change these you need to load, update, and save the ACL (which requires a fair amount of code). The DCOMPerm sample in the windows SDK is a decent place to start, i have used it as a basis for a set of classes i use at work to handle this problem (Unfortunately, i am not able to release that code into the public domain)
You can review the MSDN Documentation for the DCOM key structure - that covers computer wide settings. COM application specific settings are stored under its APPID in the registry in the AccessPermission and LaunchPermission values.
Keep in mind that modifying the ACLs for the machine wide settings can quickly render your machine unusable if you do it incorrectly. If i remember correctly, you can simply delete the values (via RegEdit) and the OS will restore defaults to bring your machine back... but i'm not 100% certain on that anymore.
EDIT: The binary data is actually a Security Descriptor, but ultimately its the contained ACL that needs to dealt with - the SD just adds one more layer of code when unpacking/packing it.