Hello! After finishing up my offline licensing scheme and releasing it, I realized that it could easily be circumvented by requesting a refund, as an offline license can’t be invalidated remotely.
Thus, I’m thinking of switching to an online, account-based scheme, where licenses are stored in a database. I could potentially also add a check for machine ID, so that a license is only valid on the machine it was assigned to.
Could I still use my RSA customer-data-to-signature validation? Any thoughts or ideas greatly appreciated, thanks!
One thing I’ve seen work for this quite effectively is to use DNS: you’d have some sort of scheme where the user’s custom domain is queried. If the license is still valid, you return a TXT record with the key details, and if not, well, you don’t. I don’t know if this would work for you, but it’s an interesting approach. You’d need to set up a programmable DNS server using PowerDNS or OpenResty, I guess.
Yes, that would work. I use AWS as it’s basically free for low-level traffic. The only thing to be aware of is that Windows updates sometimes cause a new machine ID to be generated, which is a total pain in the backside.
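
Added example, not part of any post above and not the original poster's code: one way the RSA signature validation from the question could carry over to an online scheme is for the server to sign a short-lived lease bound to the machine ID, which the client verifies with the embedded public key. The lease format and the names `Lease`, `Issue`, `Verify` and `demoKey` are assumptions made for illustration; Go is used for its standard-library RSA.

```go
// Added example, not code from the thread. Lease, Issue, Verify are hypothetical names.
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Lease is signed by the server only while its database lists the licence as valid.
type Lease struct {
	Customer, MachineID string
	Expires             int64 // Unix seconds; kept short so a refund takes effect at renewal
}

// demoKey is a throwaway key pair constructed for this example (error ignored).
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// Issue runs on the server: serialise the lease and sign it with the private key.
func Issue(priv *rsa.PrivateKey, l Lease) (payload, sig []byte, err error) {
	payload, _ = json.Marshal(l) // cannot fail for a struct of strings and an int
	digest := sha256.Sum256(payload)
	sig, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	return payload, sig, err
}

// Verify runs in the client, which ships only the public key.
func Verify(pub *rsa.PublicKey, payload, sig []byte, machineID string, now time.Time) error {
	digest := sha256.Sum256(payload)
	if rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) != nil {
		return fmt.Errorf("bad signature")
	}
	var l Lease // parsed only after the signature checks out
	if json.Unmarshal(payload, &l) != nil || l.MachineID != machineID || now.Unix() >= l.Expires {
		return fmt.Errorf("lease is for another machine or has expired")
	}
	return nil
}

func main() {
	now := time.Now()
	p, s, _ := Issue(demoKey, Lease{"alice@example.com", "machine-A", now.Add(24 * time.Hour).Unix()})
	fmt.Println(Verify(&demoKey.PublicKey, p, s, "machine-A", now))
	fmt.Println(Verify(&demoKey.PublicKey, p, s, "machine-B", now))
}
```

With this shape, a refunded licence stops working once the server declines to issue the next lease, and a changed machine ID is handled by issuing a new lease for the new ID at renewal.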