i have an web application in which i want to restrict the user from using the system after pre-defined time. for eg: when i set up my application in a machine i will provide a license for 2 months and after two months the application should not allow any user login? how to do this ? any help would be highly appreciated
At the time of install, make a entry in Windows Registy about installation date/time. Always check that at the time of login, and if it is more than 2 months in the past - do not allow login!
At the time of install capture the system date time, hash it with a secret key, and store that information in the file system in your installed dir. Everytime at the time of login check this hash and do the needful.
Were you thinking on these lines or something else?
There is a more simpler way possible, though not foolproof.
You mentioned a web application.
When tomcat explodes the war file, the last modified timestamp of the corresponding folder matches the time it was exploded. Just check that with the current system time.
You can write a serial number generator, which encodes the expiration date in itself so you can always check the decoded date against the current date. This method prevents the user to easily find and modify the expiration date.
I'm also curious if there's a really good solution for this. My first idea is to connect to some public time server and get the time from there(if it is possible). Or measure running hours or store the date and time on install(and update after every check) and check at startup to detect time manipulation.
Miklos Szeles wrote:I'm also curious if there's a really good solution for this. My first idea is to connect to some public time server and get the time from there(if it is possible). Or measure running hours or store the date and time on install(and update after every check) and check at startup to detect time manipulation.
The only relatively fullproof way to do this is to reject access by default and only grant usage access at login if your web app can succesfully verify that that user has a valid, non-expired license by checking with a remote server controlled by you that has this license information available. I say relatively fullproof because if the licensee has access to the deployed JAR files it is possible to reverse engineer your code and remove this obstacle.
Once upon a time there were three bears. And they were visted by a golden haired tiny ad: