Where to create/keep secret files for license information/trials on Windows/Mac OS X/Linux?

BastiBen · Apr 29, 2010

I'm writing a commercial product which uses a simple registration mechanism and allows the user to use the application for a demo period before purchasing.

My application must somewhere store the registration information (if entered) and/or the date of the first launch to calculate if the user is still within the demo/trial period. While I'm pretty much finished with the registration mechanism itself, I now have to find a good way to store the registration information on the user's disk.

The most obvious idea would be to store the trial period in the preferences file, but since users tend to delete/tinker with those from time to time, it might be a good idea to keep the registration information in a separate, more hidden file.

So here's my question: What is the best place/strategy to keep and create such hidden files on Windows, Mac OS X and Linux? Here is what came to my mind so far:

Linux/Mac OS X

Most Unix-like systems are rather locked down when it comes to places a user can write files to. In most cases this is only the /tmp directory and the user's home directory. I guess the easiest here is probably to create a file with a dot-prefix to make it less visible, then give it a name that won't make it obvious that it's associated with my application.

Windows

Probably much like Linux/Mac OS X - more recent Windows versions become more restrictive when it comes to file system permissions.


Anyway, I'd like to hear your ideas and thoughts. Even better if you have already implemented something similar in the past.

Thanks!


Update

For me, the places for such files are more relevant than the discussion of whether this way of copy protection is good or bad.

Answer

Abtin Forouzandeh · Apr 30, 2010

Who cares where you put the file? It's the contents you want to protect.

On the server side, encrypt/sign the user info with a private key and distribute it to the user. Email a license file, have the application connect and download it, whatever.

In your application, include the public key. If you can't authenticate/decrypt the file, fail. If you can, continue to function. You only ever need to reconnect to the server if you can't authenticate the license file. You only need the most primitive "license server" to support this. If you email the file, the "license server" is just a script that encrypts a string and emails the user.

Nothing will protect you from sophisticated attempts to hack your application. But this solution will deny casual users the ability to break your license.

And if you want to prevent the user from re-registering multiple times or sharing the license file with their friends, record their MAC address server side and in the license file. Personally, I wouldn't do this. And it won't stop sophisticated hackers, but it's up to you to decide how much time to spend in the cat-and-mouse game.
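
The signed license file described in this answer, as an added example that is not code from the answer's author. It assumes Ed25519 signatures (the answer names no algorithm) and a constructed file format of base64 payload, a dot, and base64 signature; the names `License`, `Issue` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// License is the signed payload; the field names are assumptions for this example.
type License struct {
	User string `json:"user"`
	MAC  string `json:"mac,omitempty"` // optional machine binding
}

var b64 = base64.RawURLEncoding

// Issue runs on the license server, the only place the private key exists.
func Issue(priv ed25519.PrivateKey, l License) string {
	payload, _ := json.Marshal(l) // cannot fail for this struct
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(priv, payload))
}

// Verify runs in the app, which embeds only the public key; the raw bytes are verified before parsing.
func Verify(pub ed25519.PublicKey, file, localMAC string) (License, error) {
	var l License
	parts := strings.Split(strings.TrimSpace(file), ".")
	if len(parts) != 2 {
		return l, errors.New("malformed license file")
	}
	payload, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return l, errors.New("license signature invalid")
	}
	if err := json.Unmarshal(payload, &l); err != nil || (l.MAC != "" && !strings.EqualFold(l.MAC, localMAC)) {
		return License{}, errors.New("license unreadable or issued for another machine")
	}
	return l, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	file := Issue(priv, License{User: "alice@example.com", MAC: "00:11:22:33:44:55"})
	l, err := Verify(pub, file, "00:11:22:33:44:55")
	fmt.Println(file, l.User, err)
}
```

Because the payload is only signed, not encrypted, the user can read the file but cannot alter the name or MAC without invalidating the signature.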