Security

aarontan78

Hi,

I have designed a web system using PHP.
I notice that in Windows XP system, when a PC has activated Win XP, the same copy of CD cannot be used to activate other PCs.
Here, I would like to have my PHP code to have a checking on the PC's unique ID.
Is there a unique ID for each PC? How can I access it?
My purpose is to restrict the usage of my PHP code in 1 PC.
Thanks.

Aaron

Roger_Ramjet

Well the activation process is buried deep within the binary code, it is not even in the registry or we'd just hack it to death. There is an encryption algorithm that MS use so that you can't intercept the activation packets and spoof them.

Yes, wouldn't it be nice if every pc had a unique id we could use in our code. Pity Intel and the other processor makers don't imnplement such a thing cos that would be pretty much what you are after, but they don't. There is the MAC address of course, the id of the network card or dsl modem if you are using them. Can't get at them through the browser except with something like a java applet. Dial-up user would be left out, and installing a new NIC or dsl router would blow it right away.

All you could do would be to create a registry key if it's winders, but then you would have to be running an install with the user's permission. Won't work if they are using Linux or a Mac either.

MrPotatoes

IP maybe?

Roger_Ramjet

No chance, Spud. Almost no pc has a unique IP these days

Most home users get a dynamic IP when they connect
AOL users are all behind a proxy so all you get is the IP of the proxy, likewise many other ISPs
Most business users are on a LAN and behind a proxy even when their company has static IPs
If I had a static IP and changed ISP then I would get a new IP

MrPotatoes

well then. scratch that

aarontan78

Thanks for the info. How can I create a registry key using PHP? Is it possible?
What do PHP developers usually do when they want to secure their PHP codes for a particular PCs?

Thanks and regards,

Aaron

Roger_Ramjet

PHP is SERVER-SIDE and cannot execute anything on the client. To create a registry key you need to run a program on the client. Java can do it, if the user allows the java program to run. So can C, VB, and most real client side programming languages.

There is nothing we can do to secure our code for a specific PC in php, so we don't. Web programming is programming for anonymous users and you just have to live with that. Heck, these days you cannot even be sure that it is a PC that is being used to access your website.

goaman

PHP cannot do this.. You can use c++, or c++ builder, or pascal to get bios and hard-drive serial number where windows is located. It's not hard.

MarkR

Consider providing paid support for the application, and refusing to do so on improperly licenced copies of the code. Make this clear in documentation files shipped with the code, and summarise it at the top of each source file (where possible).

Then any customers who want to rip your code will have no paid support.

Alternatively, offer your source code entirely freely and simply charge for customisation and support.

I think you're making the mistake of thinking that you're selling the runtime code as commodity, which essentially nobody does.

Mark