Topic: lisp security

[Ron Heigh]

I've been asked to research some security options for our custom lisp routines.
I'm going to compile all the routines, but I need to include a routine that checks for the correct security code in the support path.
If the security code isn't valid, the lisp routines will not run.
Has anybody done this before?  Anybody interested?

[Mark]

Sounds like fun, what about using a registry key?

[Ron Heigh]

A registry key to hold the begin date and the number of days to remain active would be great.  Obviously, this data would need to be hashed from within the routine so it can't be registry hacked.  If the program was compiled as well, I could call it from the start of my compiled routines.
Email me to discuss your fees.

[Craig]

Hey hey Ron, whats up man? How's that company web site coming along. Did you guys find a host plus fix your forms?  

[Ron Heigh]

Hey Craig, great to hear from you.
The company site is running good.  I fixed the form myself.
After getting a few quotes for hosting, they decided to stay where they were.
Turns out, the price they were paying wasn't too bad.
Things a pretty busy around here.  Big jobs with tight schedules.

[SMadsen]

The only "security" I ever did was setting expiration dates on some VLX demo previews sent to clients. I got the orders so apparently it worked

I think the criteria for security have to be considered very carefully. What kind of security code did you have in mind? When is a user allowed to run the lisp routines and when is (s)he not allowed? Is it based on profiles, passwords or a key in file or registry? If the latter then keys can be copied and a checksum verification should perhaps be used.
Are all your routines to be compiled into a single file or multiple files?

[Ron Heigh]

I'm going to be using a registry key that expires the software every month.
If I don't update the network, it won't work.
Call it, Job Security.
Now they can never fire me. lol

[JohnK]

Or they fire you for industrial sabotage. ...Or whatever they want to call it.

[Ron Heigh]

I sure hope not.
They've asked me to do it.

[JohnK]

Why do they want to "Lock 'em down"? Are they worried about Prop. rights or something?

[Ron Heigh]

I've written too much software for these guys to have it just laying around anymore.

[JohnK]

I guess i dont get it, but thats cool. ...Whatever they want i guess.  

I wouldnt put it in the reg. I would create a  file in the acad dir (With a small app of course) and give it a special line in the file.  Every time your app runs, if the file dosent exist, dont run.  Besides, your avg, cracker is gonna look in the reg. first anyway.

[ELOQUINTET]

yeah i could write it for you here's a start :

(Dan -full access)))

how's it look  

dan

[Mark]

>cracker is gonna look in the reg. first anyway
Maybe a "cracker" but is the CAD user going to? How will they know the program writes to the reg. Unless you know what you are doing and know of the right software to use you may or may not find the correct key, let alone the correct value. I would opt for some special file if autolisp were able to write to binary. Guess we could always write a small C++ app to handle that part.

[JohnK]

Just write a crap load of "^@" symbols to the file and add some text to it. Give it a goofy extension. (Thats what i would do.)

VB can write binary. (But Cpp is cooler.)