Results 1 to 8 of 8

Thread: [RESOLVED] How to READ and WRITE to online MYSQL database?

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Nov 2010
    Posts
    220

    Resolved [RESOLVED] How to READ and WRITE to online MYSQL database?

    Does anyone have a suggestion on how I can remotely disable/expire a VB6 application?

    Let's say that I have a VB6 application that users can 'use' (temporarily) as long as they are part of a membership or club.

    Currently, the app is 'leased' for a period of time and access ends at a pre-determined time by using a program like Software Passport.

    HOWEVER...this is NOT desirable. If the lease is broken for whatever reason, they can still use the application until the timer runs out, which is NOT good.

    I was thinking perhaps having the application log into an online server and having to retrieve an activation code or something.

    Dunno.

    Is there a really good and safe way to manage active and inactive accounts so that if an account is inactive their vb6 application will no longer function?

    ======================

    I guess it comes down to how to read and write to an online MYSQL data via VB6.

    If I enter the usernames and email addresses of the users into the database, then I suppose I could have VB6 application read this database to see if it is registered???

    Dunno.
    Last edited by webbiz; Sep 20th, 2021 at 04:02 PM. Reason: Change Title

  2. #2
    Hyperactive Member
    Join Date
    Jun 2015
    Posts
    508

    Re: How Can a VB6 app be expired remotely?

    you are on the right track, the app will have to check in with a license server to see if it is still allowed to run
    (or every x days if you want to allow some offline use)

    the check in will have to be something secure and encrypted challenge response something they cant easily fake
    like a server just responding 1/0

    in terms of a really good safe way..thats where the labor comes in. Your going to have to cook it up yourself or use a trial
    wrapper program to do it for you. Even the best systems get broken if the app is valuable enough.

    Commercial wrappers can offer very advanced security,

    http://vmpsoft.com/support/user-manu...stem-features/

    Down side, if a version of it is cracked and a tool released to defeat it, then all apps using it fall. (future concern)

    Cooking up your own can be a lot of labor to do well. Depends on the value your protecting and if its
    in a category that will attract pirates.

    If its an app for Karen in the back office only distributed to known customers then the bar is much lower
    and easier to implement.

  3. #3

    Thread Starter
    Addicted Member
    Join Date
    Nov 2010
    Posts
    220

    Re: How Can a VB6 app be expired remotely?

    Quote Originally Posted by dz32 View Post
    you are on the right track, the app will have to check in with a license server to see if it is still allowed to run
    (or every x days if you want to allow some offline use)

    the check in will have to be something secure and encrypted challenge response something they cant easily fake
    like a server just responding 1/0

    in terms of a really good safe way..thats where the labor comes in. Your going to have to cook it up yourself or use a trial
    wrapper program to do it for you. Even the best systems get broken if the app is valuable enough.

    Commercial wrappers can offer very advanced security,

    http://vmpsoft.com/support/user-manu...stem-features/

    Down side, if a version of it is cracked and a tool released to defeat it, then all apps using it fall. (future concern)

    Cooking up your own can be a lot of labor to do well. Depends on the value your protecting and if its
    in a category that will attract pirates.

    If its an app for Karen in the back office only distributed to known customers then the bar is much lower
    and easier to implement.
    It's not likely to be a coveted application that pirates would want to waste their time cracking. I suppose I'll need to learn about online access options and encryption, along with an easy way to connect application access to specific users.

    I don't suppose anyone has written up anything on this before? Would be nice to not have to reinvent the process.

  4. #4
    Hyperactive Member
    Join Date
    Jun 2015
    Posts
    508

    Re: How Can a VB6 app be expired remotely?

    sharing protection routines source entirely defeats the purpose

  5. #5

    Thread Starter
    Addicted Member
    Join Date
    Nov 2010
    Posts
    220

    Re: How Can a VB6 app be expired remotely?

    Quote Originally Posted by dz32 View Post
    sharing protection routines source entirely defeats the purpose
    I'm thinking not necessarily.

    If the whole protection itself is the routine, sure. But if the protection is the data itself, stored on a server, that data is unique for that situation. I would have my own data codes, names, whatever that would indicate a valid registration.

    I'm looking for the MECHANICS of how to do this. I've never accessed online data before and I'm far from a coding pro. So basically I am hoping to find guidance on how I can code a routine that would snatch data from my online database and determine if the program can continue running or exit out.

  6. #6
    Hyperactive Member
    Join Date
    Jun 2015
    Posts
    508

    Re: How to READ and WRITE to online MYSQL database?

    UrlDownloadToFile api to request a web page with query string parameters identifying user
    server side script in php or similar to take in the query string parameters, query the database securely and output a response in a web page
    vb app then parses/extracts/decrypts the web page response and determines what it should do.

    I would not let the end user application directly query your mysql database over the net.

    then you can add layers of encryption and shared secret negotiation between web request and response so people could not
    capture the web page and just replay its content from their own server to the app to bypass your server.

    you could also just host a static file on your server that had an encrypted listing of banned user ids and refused to run if
    the list was not found and verified or if the user was on it. invest according to value, labor, and threat.

  7. #7

    Thread Starter
    Addicted Member
    Join Date
    Nov 2010
    Posts
    220

    Re: How to READ and WRITE to online MYSQL database?

    Quote Originally Posted by dz32 View Post
    UrlDownloadToFile api to request a web page with query string parameters identifying user
    server side script in php or similar to take in the query string parameters, query the database securely and output a response in a web page
    vb app then parses/extracts/decrypts the web page response and determines what it should do.

    I would not let the end user application directly query your mysql database over the net.

    then you can add layers of encryption and shared secret negotiation between web request and response so people could not
    capture the web page and just replay its content from their own server to the app to bypass your server.

    you could also just host a static file on your server that had an encrypted listing of banned user ids and refused to run if
    the list was not found and verified or if the user was on it. invest according to value, labor, and threat.
    Awesome. Now we're getting somewhere!

    After a long fruitless search online and in Youtube (not much vb6 there), it appears your comment "I would not let the end user application directly query your mysql database over the net." is in line with standard procedure.

    So scratch that idea. No MYSQL database or access to it from 'public' clients.

    And yes, that led me to consider simply placing a file that if read in a text editor would make no sense at all as the content would only be understood by the vb6 applications (secret negotiation as you state). That should be easy create. I would write a separate app to make editing this file easy (adding or removing users) and write the scrambled hodge-podge of text, upload to replace existing online.

    As to preventing web capture and replaying on separate server, that's fuzzy to me. If the file access MUST be from a specific domain/directory/file path, can someone mimic that?

    Would it be possible to create a .htaccess and .htpasswd specifically for that directory and have that login information coded into the vb6 application, thus the specific domain/directory/file path could not be mimic without also being able to mimic those two files which they would not have access to?

    OR...

    Could I create a directory within my domain, and for each valid user create a file based on that user's username (ie. bubblez.app) and within the file the user's email address (encrypted). The first time the user installs and runs my application, he will have to enter his membership username and email address used within the membership. The app will store this information on the client so each time the user runs the application, this information (username, email address) must match the email located in the online file for that username to allow application to run. If the user is no longer a member, we just delete the file from the directory.

    What do you think?

  8. #8
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    33,489

    Re: [RESOLVED] How to READ and WRITE to online MYSQL database?

    Personally, I wouldn't go with the one file route... why? With what you're proposing, it would have all of your client's keys in it... not a good idea. Instead, do an online database - and yes, it shouldn't be directly accessible from the interwebnettubes (and any web host worth half their weight in salt won't allow it anyways)... so how do you get data from it? web-based API. In short, by having a web page that can query the data and return it for you. You pass it in something unique to the client... and it returns back the OK, Not OK or some kind of indicator if the app should continue or not.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width