离线授权系统(VB,net) [英] Offline authorization systems (VB, net)
问题描述
我已经完成了我的代码 - 它目前在商业环境中以beta模式运行,但现在是时候进行下一步了。转向商业产品。
任何人都可以提供一些见解。
我想要的方式工作如下。
从计算机中获取唯一ID:
主板串口
cpu serial
windows serial
(我不会使用Mac地址或硬盘序列号,因为这些都可以更改)
我还想附加其他信息,例如:
客户名称
经销商名称
全部以上信息将包含在授权字符串中。
我需要能够为硬件的每个序列/名称构造一个值。这样我就能弄清楚硬件/名称的变化。 (这最终将位于基于Web的数据库上,因此网页可以识别更改,而不是我自己)
如果我从客户端收到auth字符串,那么下一个过程将是创建他们将要输入的代码。我对此的理论是每个char值的
,转换为byte,然后通过Fibonacci运行,得出一些不明确的东西,乘以素数,然后MD5那个字符串?
如果上述两个以上的字段发生变化,应该说硬件已经改变了2个,现在需要重新发布。
这让我想到了下一个问题。 (这是更进一步,但很重要)
此外,这是一个好主意吗?如果我要求他们通过MD5发送他们的硬件,这很容易找到。我应该删除某些字符。
我想从安装的计算机中获取尽可能多的信息,因为我需要能够辨别出客户端是否只是从赢得7赢得10,替换硬盘或正在尝试安装在新系统上。
我想要一个可以接受支付类型的网页。 />
它应该能够辨别出已经发生了什么变化,如果太多已经改变应该提示付款(基本上是新客户)
我尝试过:
我目前有一个auth系统,它只是附加到被查询硬件的序列号的MD5。
我把它传给了一位朋友,在2小时内,他已经把它想出来了。
他说我应该走向一个在线验证和启动系统验证,但这对我的软件不可行。
I've finalized my code - its currently running in a beta mode in a commercial environment, but it's time for the next step. Moving towards a commercial product.
Can anyone shed some insight.
the way I would like it to work is the following.
take unique ID's from the computer:
motherboard serial
cpu serial
windows serial
(I won't use Mac address or HDD serial numbers as these are allowed to change)
I also want to append additional information such as:
customer name
reseller name
All of the above information will be included within the authorization string.
I need to be able to construct a value to each serial/name of the hardware. This is so I can figure out what hardware/names have changed. (This will eventually sit on a web based database so the web page can discern the changes, rather than myself)
If I receive the auth string form a client the next process would be to create the code they would enter. My theory on this is
for each char in value, convert to byte, and then run that through a Fibonacci to come up with something obscure, multiply that by a prime number, and then MD5 that string?
if more than 2 of the above fields change, it should say that the hardware has changed 2 much, it now needs to be reauthed.
Which leads me to the next question. (This is further down the line, but is important)
Further on from this, would this be a good idea? If I ask them to send through an MD5 of their hardware this would be easy to find. Should I be removing certain characters.
I want as much information from the installed computer as possible, as I need to be able to discern whether the client has simply upgraded from win 7 to win 10, replaced a HDD or are trying to install on a new system.
I want to have a webpage which would accept a payment type.
It should be able to discern what has changed, and if too much has changed should prompt for payment (essentially a new customer)
What I have tried:
I've currently got a auth system that is just an MD5 of the serial numbers attached to the hardware being queried.
I passed this onto a friend, and within 2 hours, he had figured it out.
He has said I should move towards an online auth, and verification on startup system, but this isn't viable with my software.
推荐答案
否,永远不要问在公共论坛上设计商业软件的安全模块。
它可以帮助任何黑客破坏你的安全。
您的请求也是本论坛的主题。
我的建议:
唯一可行的方法是聘请当地专业人士签署保密合同。
NO, never ask to design the security module of a commercial software on a public forum.
It help any hacker to break your security.
Your request is also off-topic of this forum.
My advice:
The only viable way is to hire a local professional and sign a confidentiality contract.
这篇关于离线授权系统(VB,net)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
