Free Support Forum - aspose.com

Securing License


#1

I know there are other posts on this topic but none of them address this question:

I appreciate the idea of encrypting the license file when distributing an application, but you all realize this only presents a nuisance to a determined hacker right? By definition, if we use encryption, the encryption KEY then needs to be accessible to the application somehow, either itself embedded as a resource or in code, or obtained remotely when the software is registered. In the former case, it would be easy to learn the key through disassembly. In the latter case, someone could use a packet sniffer and/or attach a debugger to learn the key. In the end any protection method conceivable is just obfuscation not true security.

That said, I certainly will employ the protection methods that have been recommended. I just want to be sure everyone realizes that they could be circumvented by a smart, determined hacker. Unless I’m missing something?


#2

A better protection mechanism IMHO might be for Aspose to provide individualized .NET assemblies to each customer that will only permit being called from .NET assemblies signed with a specific public key token we would provide. It’d be a little more overhead but would afford everyone greater protection I think.


#3

@peter0302,

I have observed your comments. We are investigating your requirements on our end and will get back to you with feedback soon.