C
C#9mo ago
Danielx64

❔ guidance on protecting sensitive details (licence details) needed

Q: does anyone have any guidance on protecting sensitive details (licence name and serial) from being yanked from my app? Vendor says this "The first licensing option is to make a method call at app startup before any UI is referenced to register your license information. This option is quick and easy, and works best for scenarios where Actipro NuGet packages or build servers are used. See the "Licensing Via a RegisterLicense Call" section below for detailed information on this option. The second licensing option is to provide licensing via a licenses.licx file. This option is only available for classic .NET Framework applications that have direct assembly references, and is what Actipro exclusively used prior to v20.1. See the "Licensing Via a Licenses.licx File" section below for detailed information on this option" Further down the page it says this "It is important to protect your licensee and license key combination from decompilers. We highly recommend using some form of string encryption on the licensee and licenseKey values passed into the ActiproLicenseManager.RegisterLicense method. Many obfuscators include string encryption as an option, or you can use other custom logic to scramble/descramble the strings.'
4 Replies
Danielx64
Danielx649mo ago
Chiyoko_S
Chiyoko_S9mo ago
honestly it'd be really hard to really secure against that on a device where the user has full access to the device the app runs on it has to be decrypted at some point, a determined person can figure out where the encryption / decryption happens and just sniff the license keys when the key gets decrypted which is why people tend to store those kind of secrets on a server and lets the server perform on behalf of the client, but that doesn't really seem applicable here Obviously you'd want to avoid it just being visible as a plain-text all willy-nilly through decompilers... in which case you can use obfuscators or employ some sort of encryption method, but don't ever think it would be 100% secure
Danielx64
Danielx649mo ago
Thanks @not Aoba , I did manage to find a bunch of encryption and decryption functions online so I might just bite the bullet and do that. I also have the option of using the Licence.licx file so that could be the way to go.
Accord
Accord9mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server
More Posts
❔ Convert .docx to .pdf without restrictionsI need to make a .pdf from a .docx, but there is a problem I have been looking at libraries and they❔ JWT + Microsoft.AspNetCore.Authentication.JwtBearerI added to my small (Asp.net Webapi) project JSON Web Token from tutorial but I don't uderstand thi❔ Question about Azure AD B2C and Front-End Authentication via APIHey everyone! I've got a question about Azure AD B2C. After someone signs up using the "RegisterPort❔ ✅ Making sense of dijkstra's algorithm for grid based player movement and pathfinding.I need some assistance with a grid based movement system for the game I'm working on. If anyone's in✅ text document boring thing but i'm stuck >_<Hey guys, I'm trying to code a program in C# that takes a .txt as input and turns only the second co`dotnet build` errors NU1202 but building in IDE worksI have `Npgsql.EntityFrameworkCore.PostgreSQL` as my package for EF and I tried to run `dotnet ef mi❔ Windows WarningIs it possible to somehow make the same window with my message?❔ I need help troubleshooting errorsI keep getting error MSB3823 and MSB3822 Status: Unfixed❔ Microsoft learn challengesIs it normal to really struggle with the MS C# challenges? I've spent more than 7-8 hours all togeth❔ Plz helpI signed up for a course and I don't understand how to do the task