I am developing software which I want to sell online. The typical pay the vender, get a digital key that unlocks the application scenario.
I've never set this up before, does anyone have any info on good service providers, and things I need to know when setting this up?
Microsoft uses digital river, maybe check them out?
You can checkout a typical license acquisition flow using FastSpring
FastSpring / NetLicensing flow
This combines FastSpring e-Commerce and NetLicensing license management.
You did not say what language you are planning on using, but this is a great solution for a .net compiled language:
http://xheo.com/products/copy-protection
It provides two key features. First the ability to automatically generate your licenses based on many different ecommerce solutions so you don't have to keep paying a 3rd party a % for it. Second, it offers code protection to prevent people from using Reflection on your software to crack it / steal your intellectual rights. (note i said prevent, not completely stop)
I'm using FastSpring, you give them binary file and keys, and you setup your account to send an email that contains these two informations. you can tell them what you want and they will do it for you
Related
What considerations are needed when creating a web app that is intended to be used in an industrial plant setting for a company? My specific use case is an industrial facility with several different production plants that would each have its own device for the application interface.
How do companies enforce the usage of such apps on a monitor/tablet? For example, could I prevent them from using other stuff on the tablet?
Importantly, how would security work? They'd share a device. There may be multiple operators that use the app in a given shift. Would they all use the same authentication session (this is not preferable, as I'd like to uniquely identify the active user)? Obviously I could use standard username/passwords with token based sessions that expire, however, this leaves a lot of potential for account hijacking. Ideally, they'd be able to log on very quickly (PIN, perhaps?) and their session would end when they are done.
As long as there is internet connection, I would presume that there isn't much pro/con regarding the use of native applications versus web based or progressive web apps. Is this assumption correct?
What's the best way of identifying which device the application is being run on?
Is this a common thing to do in general? What other technologies are used to create software that obtains input from industrial operators?
--
Update - this is a good higher level consideration of the question at hand, however, it has become apparent why focused, specific questions are helpful. As such, I will follow up with questions that are specific.
Identifying the Area/Device a Web Application is Accessed On
Enforcing Specific Application Use on Tablets
Best Practices for Web App Authentication in Industrial Settings
I'm not able to answer everything in great detail but here are a few pointers. In the environment as you describe we usually see these two options. 1) you tell them what you need, internet, security, if they give you device and how it will be configured 2) they tell you exactly what you need to deliver.
I do not think you can 100% prevent them. We did it by providing the tablet( well laptops in our case) and the OS configuration took care of that, downside we had few devices to support. You seem to hint that there is always an internet connection so I guess you can collect all info about the system and send it back to you daily?
We were allowed to "tap" into their attendance SW and when you entered the facility you were able to use your 4 digit pin to log in if you were out of premisses you could not log in at all. I can imagine the following: you log in with your username and password - this does full verification, after that, you can use 4 digit pin to login for next n hours.
maybe, kinda, depends on what you are doing. Does the browser have all features you need? Our system needs multicast to perform really fast, so we have a native app
touched on this in 1. You could also use device enrolment process. You can also contractually force them that there will be only your software and it may invalidate support contract. It really depends on your creativity. My favourite( and it works - just tell them, there will only be installed my software and if not you will pay me double for support. I only saw one customer who installed some crap on the device when there were told not to
it really depends on what industry you are talking about, every industry is different. We almost always build a custom solution
The enforcement of the device/app usage depends on the customer, if the customer asked for help in the enforcement, then you can provide guide, training and workshops. If the customer serious about the enforcement then it will be a policy that's adapted by all the organization from top to down. Usually seniors will resist a workflow change more than juniors, so top management/executive should deal with that. Real life story: SAP team took 6 months to transform major newspaper workflow, during that few seniors got fired because they refuse to adapt the change.
Security shouldn't handicap the users, usually in industrial environment the network is isolated or at least restricted through VPN to connect multiple sites (plants in your case), regarding the active user: we usually provide guide/training/workshop for the users and inform them that using colleague account or device will prevent the system from tracking your accomplishment/tasks, so each user is responsible to make sure the active account/device is the one assigned to him/her.
It depends, with native you have more controls than web, but if the app is just doing monitoring then most of today apps use web for monitoring and the common way to receive input is REST APIs (even if the industrial devices doesn't support REST API, a middleware could be written to transform the output). If you need more depth about native vs web you need to ask new question with more details about the requirements.
Depends on the tech you are using (native or web), and things I mentioned in point 2: you can use whitelist of devices that's allowed to run the app. overall there are many best ways to track down the device.
How common in general? I think such information can only be achieved by survey, the world full of variations. And having something common not mean its safe or best, our industry keep changing at all levels. So to stay in the loop, we must keep learning and self-updating without reboot.
We have a web platform with 5 sites. Authentication is implemented with login/password only. My management told me that we need to add social login with Google and Facebook and for it I should look to Auth0 solution.
I checked it, it's look quite interesting but could somebody give me the real benefits of it's integration to our system what is quite difficult today? Price for 10 000 active users is 1440$ per month and I'm asking myself if it is really so difficult to implement social login?
In past, I created myself a simple prototype that logins with Google, it did not take a lot of time.
I suppose that everything is not so simple, so what am I missing and why do we have to buy this solution instead creating something simple ourselves?
I stumbled upon this question when I was researching about using Auth0.
I came to these conclusions, but your mileage may vary.
Here are some of the pros of using Auth0:
Almost any webapp you use is going to implement authentication. This is table stakes and there are lot of cookiecutter solutions for various frameworks, but can be hard to get it right and secured. One less thing to maintain and worry about when you are building your product. Their starter free plan is sufficient for most startups' needs.
Auth0 has got SDKs in various languages and a ton of documentation. Its easy to integrate it with your application.
It provides compliance with various standards(Ex: HIPAA), if that's a key requirement for your product.
Auth0 is not without its disadvantages. Remember that you are offloading your entire user data to a 3rd party app in exchange for flexibility. They do offer a way to migrate this data back to your app in case you need it, thus avoiding any vendor lockin.
I am looking for a software that can within defined timeframe request one endpoint in the system and provide its output to another one. I am dealing with internal endpoints, that is why 3rd party SaaS are not an option.
Things that I need it to do is
It should be configurable on the run (preferably through HTTP API)
It should request one endpoint and feed the output to another one
It should let to configure time frame
It should accept various authentication methods (for both sides)
Preferably support by community and opensource
Preferably free to use
I made quite extensive research on the internet withing last two days but was able to find only SaaS that provides that. I also asked my collegues at work but they could not suggest me anything useful. I am sure there is already something exists, it just me who could not find it.
After searching for me and looking for various DevOps tools, I discovered that such class of software is refereed as job Schedulers or Workload Automation. Most of the solutions are rather complex commercial system that provides not only such functionality. However there are some open source solutions available as well.
List of available software (it is not complete):
https://en.wikipedia.org/wiki/List_of_job_scheduler_software
I'm working on a project on VB.NET that requires multiple clients to access the software simultaneously. However these clients will be having different levels of authority on the software such as some will be Admins, some will be Managers, some will be Users.
As pictured, the Users will have only certain features of the software available to them and Admins have full control on the software.
I will be asking the clients to identify themselves when they start the software, maybe through a Username and Password. Once identified, the forms application should show only relevant forms and controls to them.
How do I develop my code so that I can incorporate User profiling? Are there any industry-standard ways of going about with this?
I would look into role-based security as a good starting point. Here is an article I found that gives an example of doing this - http://msdn.microsoft.com/en-us/library/aa480723.aspx It is a bit outdated (2006), but I think the concepts should be current.
HTH
Wade
There are a number of free finance tracking sites out there like mint.com, wesabe.com etc.. .
I've tried all of them and all seem to miss the mark in one way or another. I'm interested in creating my own website, or possibly just a stand alone windows program for tracking my finances in ASP.NET or C#.NET.
I'm assuming the answer is no, but is there any way that a personal developer can download transactions from financial websites like these? I know once you login to most financial sites you can download a CSV or Quicken file. Yet I really like how I can log-in to my Mint.com account and update all my accounts with one click.
Popular applications (like Quicken) and most major US banks support Open Financial Exchange (OFX). If a bank can connect to Quicken, it probably supports OFX (though not guaranteed).
I doubt very many banks have public APIs for this. More likely than not, you will need to send HTTPS requests to the various banking websites, and you will probably have to have custom code for each bank that you wish to support, tailored to the structure of their websites and their form elements.