Question Software application security question

[eldonreal]

Hi everybody,

New guy here... this is probably a very easy question. Would appreciate any and all opinions on how to proceed. Here goes...

I have a developer writing a software application for us in VB.net. Customer will purchase application from a web page, then download. Some customers will, of course, pay for software, download it, install on their PC, then demand a refund. We refund their money, they still have our software.

Therefore, I need to have the developer implement some kind of copy protection. Am considering the following:

Would like to generate (for example) 1,000 valid serial numbers (with checksums). I will upload these serial numbers to shopping cart software (using 1ShoppingCart). When person buys software, the shopping cart gives them a unique serial number.

The software application will have some kind of "phone home" capability, i.e., the software will periodically (once every week maybe?) go out and check their serial number against an online database (or other structure) which contains "valid" serial numbers.

When person requests a refund, we remove that person's serial number from our online database (or whatever) of "valid" serial numbers, and their software will no longer boot. They get a refund, we can incapacitate the software they had purchased.

Questions:

1.) Is this the best approach to take?
2.) Any recommendation on software to use that will generate large quantity of unique serial numbers?
3.) Any recommendation on any other applications to use? I saw a "Software Licensing Library" application called "LLib" that looks like a possibility. Description is at LLib Licensing Library 3.00 Software Download - Software Licensing/Protection Library

I'm really sorry this was so long - but my ability to describe wht I need is not very well developed yet . Any input or suggestions whatsoever is very very appreciated. If you want, you can even email me at brian@thebestira.com Thank you all in advance.

Eldon

 

[Untamed]

Let's use a MySQL Database.

First, install the connector [VB.Net to MySQL]:
MySQL :: Connector/Net 6.1

Then, add as a reference MySQL.Data [I think this is a .NET, if not, it is a COMM] to your project.

Put this in your imports:

Imports MySql.Data.MySqlClient

Put this at the top of your form class:

   Dim myAdapter As New MySqlDataAdapter
    Dim conn As New MySqlConnection

In form load private sub, put this:

        conn = New MySqlConnection()
        conn.ConnectionString = "Server=127.0.0.1;Database=serials;Uid=user;Pwd=password;"
       Try
            conn.Open()
            Dim serial As String = "INSERT-PROGRAM-SERIAL-HERE"
            Dim Query As String = "SELECT serial from table where serial = '" & serial & "';
            Dim da As New MySqlDataAdapter(Query, conn)
            Dim datamysql As String = da.ToString
            If String.IsNullOrEmpty(datamysql) = True Or datamysql = "" Or datamysql = " " Then
                MsgBox("Your program has expired!")
                System.Diagnostics.Process.GetCurrentProcess.Kill()
            End If
            conn.Close()
        Catch ex As Exception
            MsgBox("Can not check serial!")
                System.Diagnostics.Process.GetCurrentProcess.Kill()
        End Try

This will check if the program's main serial which you specify is in the database. If it detects it is not, it gives an error and kills the program.
If the MySQL database is down, it gives an error and kills the program.
Make sure to change the serial and mysql connection string info [just the info, do not edit the string itself as it needs to be in a certain format to work].
You'll also need to edit the query. Currently, it looks for a table named 'table' and a column in that table named 'serial'.