TurboFloatServer-config.xml encryptedSolved

Hello,

I am implementing turbo float functionality to our software.

I have some questions i couldn't find answer for, I hope someone can help me.

1) We have to let users install a server on their hardware. But in the xml file TurboFloatServer-config.xml there are settings that have an effect on how secure our licensing is. 

For example: 

<isgenuine days_between="90" grace="14"/>

Since the server is always used in an office we assume there is proper internet. And we want to be able to revoke the license asap or lets say within a day, so we would like to let the server check internet every day. 
So we would like to set this very short. But This can easily be modified by the user.
So can I encrypt this XML?

2) When the license is changed in the wday.com portal, lets say the max number of leases is changed from 10 to 2. How long does it then take to “bleed down” to the user? I guess with the default settings this could take up to 3 months? And revoking it? i guess also 90 days max?

3) Is there a way to hide these details from user? Encryption?

4) My app just crashed. Lease is still taken. I kill the server. Then restart. It now remembered the last lease: “Existing lease loaded”. Can i prevent this. I just want to free all leases as soon as i stop the server.

thank you,

rich

, edited
Answer

1) We have to let users install a server on their hardware. But in the xml file TurboFloatServer-config.xml there are settings that have an effect on how secure our licensing is. 

For example: 

<isgenuine days_between="90" grace="14"/>

The maximum days_between and grace values are also the values we recommend. They cannot increase them past the recommended values.

So can I encrypt this XML?

No. It needs to be read by TurboFloatServer. Which means it needs to be decrypted on the device… which means any “encryption” that happens would be illusory (because the decryption keys would be on the same device the customer controls – that's how encryption works).

2) When the license is changed in the wday.com portal, lets say the max number of leases is changed from 10 to 2. How long does it then take to “bleed down” to the user? I guess with the default settings this could take up to 3 months? And revoking it? i guess also 90 days max?

Correct. But, you can always give them instructions on how to get the new leases sooner.

3) Is there a way to hide these details from user? Encryption?

No, see above.

4) May app just crashed. Lease is still taken. I kill the server. Then restart. It now remembered the last lease: Existing lease loaded. Can i prevent this. I just want to free all leases as soon as i stop the server.

This is by design. Use short lease times and crashed apps will have shorter zombie leases. 30 minutes is a good compromise (and also why it's the default lease length).

Or… design your app in such a way that a crash stops you program execution but, logs the error (in a useful way for you and your customers), drops the lease, and then shuts down.

Thanks wyatt for you quick answer.