Offline activation file expiration

1- When I activate using the ActivationResponse file AFTER its expiration date, I get a Failed to activate (ret=1), instead of of a DateTime Exception.

Right, that's just how we handle it. We might make a specific exception / error for expired activation response files in the future. Right now, if the activation response get's a failure then you can assume either the file is corrupt, it's expired, or it's for a different computer.

2- When I activate after changing the computer clock to a date before the ActivationResponse file expiration date, activation is still accepted (I tried backing the date from 1 day to 8 days, all with success). This is not what I expected either.

We have some date/time fraud detection. We're always adding more. Of course client-side date/time fraud detection is always limited (because by its very nature it can't contact things outside of that computer (i.e. the Internet).

So, if you want the best fraud detection then disallow offline activations altogether. Honestly, for 99% of your customers that will be the easiest option.

On Point 1 (ActivationResponse AFTER expiration date)Sam wrote:> Right, that's just how we handle it.

Thank-you for the confirmation.

On Point 2 (use of ActivationResponse file with clock change)Sam wrote:> We have some date/time fraud detection. We're always adding more.

Good to know and I understand why you would not go into details. In the meantime I will see how I can mitigate the issue.

Sam wrote:> So, if you want the best fraud detection then disallow offline activations altogether.> Honestly, for 99% of your customers that will be the easiest option.

I agree 99% + 1%. There are few customers that don't allow Internet connection. Unfortunately they are often large companies with a lot of users. Fortunately, these large companies are usually honest corporate citizens!