This needs to be hashed with your salt AND a timestamp. This method would store "LIVE" or "DEAD" (or something sufficiently similar) in a table or a file, but again HASHed.
Therefore I suggest a second method of protection as well. After all, you've got to store this somewhere internally, which means if it is overly obvious it could be easily subverted, and even if it isn't overly obvious, it can be easily reverted by restoring the appropriate table(s)/file(s). The harder part is going to be keeping the application dead. You could get fancier and have the application send the request to your site and you look it up in a database on the fly, but the file (for what I'm assuming would hopefully be a short list) would hopefully remain small and may be the easiest way. MD5 or similar plus a secret should be sufficient for this. If it is found, then the application knows that it should die until the blacklist is removed. Then, on a recurring basis, your software initiates a download of this file (most server-side languages provide for this) and then searches it for the hash of the installed license key. How you manage this file is up to you, but the file itself need only have a hash per line. You need a publicly-available website somewhere that hosts a file containing the hashes of license keys that have been blacklisted. There are many ways to implement something like this, but here's one that shouldn't be too hard to do:
0 kommentar(er)
