External modules security

366 views Asked by At

I am developing some external modules for an application.

These modules are BPL files and if present in the application folder the application loads them and uses whatever is available inside.

How can I prevent the sharing of these modules by my clients?

I need them to be authorized to use the modules (module by module).

To have some sort of license, registration of the module, what is the best method?

Thanks

1

There are 1 answers

2
Cosmin Prund On BEST ANSWER

Simple idea (1):

I assume your clients all have some sort of unique ID (serial number, license number). When you legitimately give an BPL to one of your clients, give him two files: The BPL itself + a file that contains a hash of the BPL's name + the user's license number. If the hash can't be verified, don't load the BPL. Make sure you don't hash the BPL itself, you'd end up with upset customers that can't use your BPL because they caught a virus!

Simple idea (2):

Have your BPL export a function that looks like this function OkForClient(ClientID:string):Boolean. This allows you to change the validation from BPL to BPL.

Complex idea:

Spend a week learning about asymmetric encryption to replace the hash file in the first option with something that can't be reproduced by an attacker, even if they do know the algorithm.