外部模块安全 [英] External modules security

问题描述

我正在为应用程序开发一些外部模块.

I am developing some external modules for an application.

这些模块是BPL文件，如果存在于应用程序文件夹中，则应用程序将加载它们并使用内部可用的任何内容.

These modules are BPL files and if present in the application folder the application loads them and uses whatever is available inside.

如何防止我的客户共享这些模块?

How can I prevent the sharing of these modules by my clients?

我需要他们被授权使用模块(逐个模块).

I need them to be authorized to use the modules (module by module).

要获得某种许可证，模块的注册，最好的方法是什么?

To have some sort of license, registration of the module, what is the best method?

谢谢

推荐答案

简单思路(1):

我假设您的客户都有唯一的ID(序列号，许可证号).当您合法地将BPL授予您的一个客户时，请给他两个文件:BPL本身+一个包含BPL名称+用户的许可证号的哈希值的文件.如果无法验证哈希，请不要加载BPL.确保您不对BPL本身进行哈希处理，最终会遇到因感染病毒而无法使用BPL的不高兴的客户！

Simple idea (1):

I assume your clients all have some sort of unique ID (serial number, license number). When you legitimately give an BPL to one of your clients, give him two files: The BPL itself + a file that contains a hash of the BPL's name + the user's license number. If the hash can't be verified, don't load the BPL. Make sure you don't hash the BPL itself, you'd end up with upset customers that can't use your BPL because they caught a virus!

让BPL导出一个类似于function OkForClient(ClientID:string):Boolean的函数.这使您可以将验证从BPL更改为BPL.

Have your BPL export a function that looks like this function OkForClient(ClientID:string):Boolean. This allows you to change the validation from BPL to BPL.

花一个星期学习有关非对称加密的方法，即用攻击者即使他们知道算法也无法复制的东西替换第一个选项中的哈希文件.

Spend a week learning about asymmetric encryption to replace the hash file in the first option with something that can't be reproduced by an attacker, even if they do know the algorithm.

这篇关于外部模块安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！