Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trail mode is easy bypassed #10

Open
Strandedpirate opened this issue Sep 3, 2014 · 1 comment
Open

Trail mode is easy bypassed #10

Strandedpirate opened this issue Sep 3, 2014 · 1 comment

Comments

@Strandedpirate
Copy link

Looking through the code it shows that Trial licensing relies on the local computers date/time to validate expiration which is easily circumvented with programs like RunAsDate. Validation of date/time should always occur using a time server, although I question if even that is proper because one could write ones own UDP server and redirect Nist traffic to it.

Perhaps there is a better way to validate date/time for trials. Thoughts?

bool result;
if (LicenseType == LicenseType.Subscription)
    result = ValidateSubscription();
else
    result = DateTime.UtcNow < ExpirationDate; // bad

if (result) // this should be if (LicenseType != LicenseType.Subscription)
    ValidateUsingNetworkTime();
else
    throw new LicenseExpiredException("Expiration Date : " + ExpirationDate);
@ayende
Copy link
Owner

ayende commented Sep 4, 2014

Since the user controls the machine, they can lie to us as they wish.
You can't trust the machine, you can't trust the code.

We do use NTP for time checks, see:
https://github.com/ayende/rhino-licensing/blob/master/Rhino.Licensing/SntpClient.cs

Oren Eini

CEO

Mobile: + 972-52-548-6969

Office: + 972-4-622-7811

Fax: + 972-153-4622-7811

On Thu, Sep 4, 2014 at 12:49 AM, Strandedpirate [email protected]
wrote:

Looking through the code it shows that Trial licensing relies the local
computers time to validate expiration which is easily circumvented with
programs like RunAsDate. Validation of date/time should always occur using
a time server, although I question if even that is proper because one could
write ones own UDP server and redirect Nist traffic to it.

Perhaps there is a better way to validate date/time for trials. Thoughts?

bool result;
if (LicenseType == LicenseType.Subscription)
result = ValidateSubscription();
else
result = DateTime.UtcNow < ExpirationDate; // bad

if (result) // this should be if (LicenseType != LicenseType.Subscription)
ValidateUsingNetworkTime();
else
throw new LicenseExpiredException("Expiration Date : " + ExpirationDate);


Reply to this email directly or view it on GitHub
#10.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ayende @Strandedpirate