Quote Originally Posted by cmmorris1 View Post
Thanks LaVolpe. So by doing it this way is there any way for the hacker to decrypt the code in memory or any other possibilities?
There is always a way.

That "my.web.site" example is probably not really worthwhile. Since you can't send a gibberish url, other simple tools could be used to get what is passed to your server: packet sniffing for example.

What I provided might work well for internal activation/hashing. Instead of passing a string to a hashing/encryption routine, you pass an array. The idea is you don't want to use literals in your activation/validation code.