Offline deactivation with self-destruct

Question

Offline deactivation with self-destruct

RobinP

Hi,Would it be possible to make the offline activation response files self destruct on use? For example store a hash of the XML and don't allow it to be used again. This would help close the possible hole where the customer deactivates and sends us the deactivation file, but then immediately reactivates using the same file again (see also other recent thread on this topic).

We might actually implement this ourselves but it won't be as secure as if you did it.

Regards,Robin

Apr 29, 2015

Wyatt O'Day · Answer 1 · 2015-04-29T17:06:37Z

Would it be possible to make the offline activation response files self destruct on use?

No.

For example store a hash of the XML and don't allow it to be used again.

No, this could be easily reset.

This would help close the possible hole where the customer deactivates and sends us the deactivation file, but then immediately reactivates using the same file again (see also other recent thread on this topic).

We'll be adding the ability to block this behavior in LimeLM (by not allowing offline deactivations without permission while the online activation response file has not yet expired).

RobinP · Answer 2 · 2015-04-29T17:11:43Z

Hi,

>by not allowing offline deactivations without permission while the online activation response file has not yet expired

I'm not sure what you mean by "without permission". The user is offline so there can be no permissions check.

Robin

Wyatt O'Day · Answer 3 · 2015-04-29T19:02:44Z

The deactivation request still goes through LimeLM servers, and that's where you can control whether the customer is allowed to deactivate or not.

LimeLM
Overview Pricing & Sign up Why LimeLM? Tour Log in Help
wyBuild
Overview Pricing & Buy Features What's new Help
Support forum
wyDay blog
wyDay Home
Downloads Buy Contact us Careers

Guest name
Youʼre not logged-in, but you can still post as a guest.

Email