Quote Originally Posted by LaVolpe View Post
There is always a way.

That "my.web.site" example is probably not really worthwhile. Since you can't send a gibberish url, other simple tools could be used to get what is passed to your server: packet sniffing for example.

What I provided might work well for internal activation/hashing. Instead of passing a string to a hashing/encryption routine, you pass an array. The idea is you don't want to use literals in your activation/validation code.
The url thing was an example of what I'd like encrypted but I know there is a way to decode that. I was more concerned with strings like "Wrong Serial, Try Again!" And they'd know where the check is made and patch it.