Downloading a customised version of an app from a website
-
A friend has an interesting problem. He has a site that allows people to register, and once they register they can download an application that will consume data from the site. What he needs is a way for the site to somehow stamp a user's ID onto the application so that when it's downloaded and first run it will immediately know to access the website using that person's info. I can think of a number of dodgy (and potentially not cross-browser friendly) solutions such as using cookies, dynamically building an install file on the fly in order to include a resource file with the user ID, or even simply asking the user when they first run the app to enter their details, but there must be a simple, neat way that my caffeine starved brain is missing. cheers, Chris Maunder
-
A friend has an interesting problem. He has a site that allows people to register, and once they register they can download an application that will consume data from the site. What he needs is a way for the site to somehow stamp a user's ID onto the application so that when it's downloaded and first run it will immediately know to access the website using that person's info. I can think of a number of dodgy (and potentially not cross-browser friendly) solutions such as using cookies, dynamically building an install file on the fly in order to include a resource file with the user ID, or even simply asking the user when they first run the app to enter their details, but there must be a simple, neat way that my caffeine starved brain is missing. cheers, Chris Maunder
Here's an (admittedly simple-minded) approach:
- The process of registration causes the site to create a user-specific copy of the download app. If the app is
foo.exe, the registration process creates the filefoo_1234.exe(where1234is the user specific id), if it doesn't already exist. - The app sends the user's id (gleaned from its filename) in its HTTP request to download data, causing the host to respond with user-specific content.
[edit] Of course, you should use something more cryptic than just the user's id. Maybe add a timestamp and a checksum at the end. [/edit] /ravi My new year's resolution: 2048 x 1536 Home | Articles | Freeware | Music ravib@ravib.com
- The process of registration causes the site to create a user-specific copy of the download app. If the app is
-
Here's an (admittedly simple-minded) approach:
- The process of registration causes the site to create a user-specific copy of the download app. If the app is
foo.exe, the registration process creates the filefoo_1234.exe(where1234is the user specific id), if it doesn't already exist. - The app sends the user's id (gleaned from its filename) in its HTTP request to download data, causing the host to respond with user-specific content.
[edit] Of course, you should use something more cryptic than just the user's id. Maybe add a timestamp and a checksum at the end. [/edit] /ravi My new year's resolution: 2048 x 1536 Home | Articles | Freeware | Music ravib@ravib.com
I thought of that one too but because the user's ID is part of the filename it's open to abuse/spoofing, unless you seed and encrypt the id. cheers, Chris Maunder
- The process of registration causes the site to create a user-specific copy of the download app. If the app is
-
I thought of that one too but because the user's ID is part of the filename it's open to abuse/spoofing, unless you seed and encrypt the id. cheers, Chris Maunder
Chris Maunder wrote: unless you seed and encrypt the id. Easily done using MD5 methinks? Another option would be to download a customer specific encrypted binary datafile (a la the old "license key file"s of yore) that would be accessed by the (generic) app when making the request. There are ways to prevent the license file from being used by the downloader app on another machine. /ravi My new year's resolution: 2048 x 1536 Home | Articles | Freeware | Music ravib@ravib.com
-
A friend has an interesting problem. He has a site that allows people to register, and once they register they can download an application that will consume data from the site. What he needs is a way for the site to somehow stamp a user's ID onto the application so that when it's downloaded and first run it will immediately know to access the website using that person's info. I can think of a number of dodgy (and potentially not cross-browser friendly) solutions such as using cookies, dynamically building an install file on the fly in order to include a resource file with the user ID, or even simply asking the user when they first run the app to enter their details, but there must be a simple, neat way that my caffeine starved brain is missing. cheers, Chris Maunder
The other 'old way' would be to patch a copy of the .exe. 0. Write application with a global variable that is initialized with some distinct data. 1. Server gets new registration and creates an encrypted blob of the user information. 2. Server creates a copy of the .exe to be downloaded and writes the encrypted blob over the place where the distinct data is. 3. Now when the app is run by the user the data in the global variable is passed, decrypted, and the user information used for the connection. This really does 'stamp a user's ID onto the application' which means all copies the user makes (and may give to friends) will use this information ... although if you use the ethernet MAC as part of the user information you could prevent this. This method would have whatever drawbacks you felt 'dynamically building an install file on the fly in order to include a resource file with the user ID' has. ...cmk Save the whales - collect the whole set
-
A friend has an interesting problem. He has a site that allows people to register, and once they register they can download an application that will consume data from the site. What he needs is a way for the site to somehow stamp a user's ID onto the application so that when it's downloaded and first run it will immediately know to access the website using that person's info. I can think of a number of dodgy (and potentially not cross-browser friendly) solutions such as using cookies, dynamically building an install file on the fly in order to include a resource file with the user ID, or even simply asking the user when they first run the app to enter their details, but there must be a simple, neat way that my caffeine starved brain is missing. cheers, Chris Maunder
If he wants to go the "whole hog", he could use our Call Home Licensing technology: http://www.tectite.com/tectitelic.php Russell Robinson (russpub at rootsoftware dot com) Author of TTMaker (Advanced Timetabling Software) http://www.rootsoftware.com
