User downloads an App (which assume is a game) from server. I need to enforce time constraint on how long a user can run an Application on a system.
eg. Starting from the time of installation, user can use the Application till only 5 days.
My problem is, if I depend on system time/day etc for implementing this logic, user might change the system time and overcome the logic.
Platform: Linux/C++
P.S.: I have to assume a case in which user decides to not connect to internet at all after he downloaded the Application. Since I don't have network access so can't rely on server based storage about Application's installation date/time etc.
Can someone give a clue how this kind of behavior is implemented in Applications which give a trial period of their usage?
Edit:
I am adding the Algo which I am thinking:
At installation time :
At the time of installation store the current system date.
Store this info in an encrypted form into a file DRM.txt
On App startup :
Open the file and decrypt the installation date.
Get the current date from system.
Match if the application is allowed to be executed according to the number of days that have passed since user installed it.
If allowed, start the App else give error msg and return.
Problem:
Let at the time of installation system date is 19/12/2012 and user is allowed to use the App only for 4 days that is till 22/12//2012. Thus, 19/12/2012 is stored into DRM.txt.
After 4 days user changes the system date back to 20/12/2012, then my logic to check will allow this Application to run.
Hope this clarifies what I am trying to say.
This can be achieved through encryption, for example storing a date into an encrypted file, note that this won't prevent reverse engineering, etc, etc, etc
Save and check the time when start and stop the APP.
If the current time is much shorter than the saved time, then you can think it is cheating.
Related
Beginner system admin here. We have a Linux server and multiple users running in LDAP (2.4.31)
Is there a way to synchronize the local date/time with all of the users? Because some CMOS batteries are already discharged. Ideally, when the LDAP user logs in, it will automatically change the local date and time.
It's hard to use the date command every time I check manually all the users. The date/time is critical to the users since there are log files that were being updated by the local time.
PS:
Setup is on-premise only
No internet connection
Goal is to one client, then all the clients/users will use that date
Ok, I am trying to make sense of your question here. I think it have nothing to do with LDAP and everything to do with time synchronisation but I could be wrong.
The part of your question I struggle to understand is "When the LDAP user logs in, it will automatically change the local date and time". Can you specify where this change occurs? Are the users that connects are on windows or linux?
I think what you need here is to use some network time protocol(NTP) servers to synchronize time across all your machines. there are plenty of public ones available for free (see : https://www.ntppool.org/en/)
on recent linux with systemd, the daemon responsible for syncing the time is systemd-timesyncd with its configuration file located at /etc/systemd/timesyncd.conf if your clients are using windows, there is a similar process to keep the clock ajusted with NTP.
If I misunderstood your question, please clarify
I have written a blocking user system in node.js. I'm using nodejs, mongodb as data base and mongoose, expressjs and Reactjs.
I have successfully written the blocking logic and unblocking logic. I used mongoose $currentdate feature which fetches the currentdate but uses the current date of the local machine.
I simply said if expiryDate === currentdate, user should be unblocked.
I also tried to use Javascript to get the current date and it uses the local machine date and time.
Why I feel this isn't right is because the user's date and time maybe wrong. I tried this out by setting a wrong date on my local machine and the Javascript date system was setting a wrong date for me as well. This will surely make a mess of the unblocking logic.
If I write my logic using this, it can be dangerous since I do not have control over the user's local machine date and time settings.
Is there really a better way to get this done? I will be deploying the application to be hosted online in Amazon ec2 or haroku. This is part of my learning process actually. Wanted to know how this really work.
How do applications that use billing methods track my days? For instance, if I start a subscription today and the subscription lasts for 7 days, no matter the current state of my local machine date and time, the subscription will surely expire on the 7th day.
How can I achieve this? I would like the expiry logic to be independent of the user's local machine date and time.
Any npm package that can do this or best way to go about this?
If you don't want to depend on the system date, you have to use NTP (Network Time Protocol)
To use NTP in your node script, you can use an NTP module, one of these for example:
https://www.npmjs.com/package/ntp-time
https://www.npmjs.com/package/ntp-time-sync
https://www.npmjs.com/package/ntp-client
I want to create a application that contains a feature that allows users to submit code and the server will compile and run it, similar to Ideone & Spoj. How do I do this securely in a scalable manner?
Partial Solutions I'm aware of:
IDEA 1 - 3rd Party Services
The Sphere Engine. However this costs a LOT of money!
I'm not aware of any open source application I can run on my server to achieve this, or a cheaper alternative. Please correct me if i'm wrong.
IDEA 2 - VM
This would be the next most sensible choice. However, I'm unsure how to implement it. For example let's say I created a VM and started to run the user's code. This would restrict damage on MY system, but not the damage on the VM, which other users would have to use. Does that mean I have to create a new VM each and every time I want to compile and run user's code (which clearly is not scalable - correct me if I'm wrong.
Having not set up a thing, I assumed that services like TravisCI (which compiles code and runs it under test cases you provide), have a base virtual machine image, which boots up and processes your code. The next user to come along gets a separate VM booted from the same base image, your changes aren't stored.
So inside the VM, the user code can do whatever. All of its effects, except stuff written to the console will be erased at the end of the time limit.
I have an application written based on lotus notes client. I wanted to check whether lotus notes is running before starting my application, so that I can skip asking for password from the user if "Don't prompt for password from other notes-based programs" is checked.
One method is get all the running process and look for nlnotes.exe and notes2.exe process to confirm.
Is there any other method to achieve the same.
To be more specific, I want to know whether any registry entries are made to say that notes is currently running. We can't open two instances of notes client, this made me think IBm might have used registry entry to check for running instance.
Kindly correct me if I'm wrong.
The registry would not be a good place for info like that, because if the client crashed the registry data would need to be cleaned up. The same is true for lock files. So while I can't say for sure, I believe IBM detects whether the client is already running by looking for in-memory objects - e.g., shared memory sections, mutexes, etc. Using Process Explorer, I see several shared memory sections associated with the Notes processes. One likely candidate is a section called -LTSCS-22275429-MEM9, but I don't know how that name is generated, if it ever changes with reinstall, reboot, etc. It would take a fair amount of experimentation to determine that - and then of course one would have to figure out how to write the code to detect it, but that's my best guess as to how it's done.
For testing purposes, I often need to go back and forth between the current date and a past date. I wrote a quick powershell script so that I can just double-click a desktop shortcut to change system time to the desired hard-coded date. It works great, but I have to r-click and run as administrator. I'd like to successfully run without r-clicking.
I've tried editing security settings for the service in Local Security Policy, but the result is I don't see a UAC prompt, but the script does not succeed either. It still says
Set-Date : A required privilege is not held by the client
Any thoughts on how to give this privilege to the client? I want the script to run without being prompted for UAC. Thanks.
There really isn't a good way to actual change the time without a prompt. Changing the system time is a privileged operation and doing that without a prompt is tricky (if possible at all).
You could embed the administrator password in a script, have it create a new process as admin and change the time from there. Embedding an admit password in tests though would be a giant red flag.
It's possible there is a security setting somewhere that you could change to make system time alterable by non-admin accounts. I don't actually know if this can be done. If you did this it would require the change on every single computer you run the tests on. Another red flag.
I think a much smoother approach would be to simply abstract away the idea of time in your code behind an interface. Let's say you were using C# you could define the following
interface ITimeUtil {
DateTime SystemTime { get; }
}
In the actual running program you would implement this interface by querying the system time directly as you do today. For the purpose of testing you would mock this interface to return times in the past.
Maybe you can manipulate the token and grant yourself SeSystemtimePrivilege
http://technet.microsoft.com/en-us/library/cc976700.aspx
There is a script floating around the web for doing so here.
https://superuser.com/questions/693620/how-to-restore-the-ownership-of-a-folder-to-trusted-installer-using-silent-com/693627#693627
Using that script you can run this command to enable the privilege (temporarily) then issue your Set-Date to travel backwards in time.
Enable-Privilege SeSystemtimePrivilege
Set-Date "November 5, 1955"
Write-Host "Are You Telling Me You Built A Time Machine Out Of A Delorean"
One possible option might be to use a scheduled task (set to run with hightest privileges) that reads a datetime from a file location, and use your script to write to that file and then run the task.