ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder

Protect license file on server?

Author Message

Joined: 12 Mar 2008
Posts: 3

PostPosted: Fri Mar 14, 2008 8:47 pm    Post subject: Protect license file on server? Reply with quote

Is there a way to protect the license file on the server from being read by others by direct linking to it through a web browser?

Here's the scenario:

I sell software that is not limited to the domain. In fact, it encourages people to build numerous sites with the software.

I include properties in the license, one of which is the payment ID. It's setup to communicate with my server every two weeks for a quick check to verify the license tied to the payment ID is still valid. This way, if someone offers my software on a warez site, I can simply download it and check the license file, then disable the license for that payment ID. Within two weeks, all sites using that license will be invalid.

The problem is, right now, anyone can download someone's license which would allow unauthorized use.

Here are some things I've considered/tried, only to meet with an ultimate inability to implement:

1) Put the license file in a subfolder of the root where the encoded software resides. For example, software resides in folder: /myscript

I put the license file in /myscript/license/license.txt

Problem: The decoder doesn't know the license is stored there and I can't seem to find anything that would allow me to specify a location when compiling.

2) Use a .htaccess to deny all in main folder

Problem: When my script tries to include files, during a browser session, it is prevented from including. Seemed a clever idea, until I realized the deny prevented my own script from doing what it needed.

3) Store the license file in mysql and call it when needed.

Problem: No functions to pass a license string into. Seems to only be able to check properties through an existing license file.

So I'm stuck and hoping for some suggestions. My software cannot be tied to only one domain. It's designed to improve websites and an end user may have many sites, and can be used on as many sites as they own.

I can't seem to find any method to protect the license from others copying it, which would in turn allow them to use my software without registering.
Back to top
View user's profile Send private message
ionCube Support

Joined: 16 Dec 2004
Posts: 2801

PostPosted: Sat Mar 15, 2008 11:38 am    Post subject: Reply with quote

1) when you specify the name of the license file to the Encoder when encoding, it does not need just to be a filename. It can be a relative or absolute path. So when encoding you could specify that the license path be a directory with a unique name, plus the license file; e.g. poodle/license.txt
The Loader appends the expected license path to whichever directory it is looking in when searching for the license file. So you might put the file in youprojectroot/poodle/license.txt
This would not stop someone from making the license file available to others though.

2) There are various things that you could do in an htaccess file to achieve what you want. Having a rewrite rule would be one so that access to the file is redirected elsewhere. A user could always take that out though.

3) Licenses cannot be stored in the database, although you could store a value in the DB that had to match one of the license properties, and validate that in your scripts.
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube PHP Encoder All times are GMT + 1 Hour
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum