License key for offline app | electronjs.org | Page 1

hollow tiger Aug 30, 2023, 12:03 AM

#

I'm setting up license keys for an app that is fully offline. One of the things I value in my application's design is the lack of external requests to remote servers.

For the initial validation, I have to make a call to my server to validate the license key. The problem is that obviously someone could validate their license key, unlock it, and then say request a refund, and have an unlocked copy.

It seems like the only way to truly safeguard against this is to -- wthin reason -- send the occasional check to a server with the user's license key, and ensure that it's still a valid one. So this would be the one external request that I'd need to send periodically. Is that the common way of handling this?

azure nimbus Aug 30, 2023, 12:46 AM

#

With electron you should also know that the source code is technically visible on the client side.

#

Someone could just as easily update the asar and remove the calls to the server

#

To answer your question though, you should always do checks everytime the app is opened (maybe even like once an hour or something.

#

Also for my former concern I found this: https://dev.to/alex114/electron-vite-easy-way-to-protect-your-electron-source-code-4pjb

DEV Community

electron-vite: Easy way to protect your Electron source code

electron-vite is a build tool that aims to provide a faster and leaner development experience for...

hollow tiger Aug 30, 2023, 1:05 AM

#

Thanks @azure nimbus and yeah, I'm actually already using v8 bytecode and have it set up

#

I know that it anything is hackable, but I do want to make it so that it's inconvenient af to do it

#

My question is more so pertaining to what is the current accepted practice. You think it's fine to do it whenever the app is opened/focused and then periodically in the background by the hour? A lot of people using my app value privacy so I want to make sure that's being considered

teal flicker Aug 30, 2023, 9:10 AM

#

Whats wrong with checking licence key every minute?

hollow tiger Aug 30, 2023, 5:11 PM

#

Checking every minute is too often, not worth the resources

teal flicker Aug 30, 2023, 5:12 PM

#

Resources for whom?

hollow tiger Aug 30, 2023, 5:24 PM

#

If I am sending a request to my server to verify if a license key is valid every minute, then that is a query I would be paying for

#

Are you trolling me?

teal flicker Aug 30, 2023, 5:25 PM

#

You dont have vps for that?

hollow tiger Aug 30, 2023, 5:26 PM

#

is that reliable?

teal flicker Aug 30, 2023, 5:26 PM

#

Its not?

hollow tiger Aug 30, 2023, 5:27 PM

#

Yes it is

azure nimbus Aug 30, 2023, 6:16 PM

#

Assuming you don't have a vps, you can always use a service like vercel, netlify and cloudlare to host your api for checking this.

#

They have very generous free tiers

hollow tiger Aug 30, 2023, 6:37 PM

#

What's the best way to get a VPS setup?

#License key for offline app