Click here to Skip to main content
15,896,557 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
I have to deploy my asp.net website into field.. Here, the fee of website is charged annually. In order to do so, I have decided to create a table in database named Register that will store installation date and expire date of that software in encrypted form. for adding dates for software renewal, I have decided to run script in Sql. However, my concern is client might themselves add date in register tables and extend the life of their usages.

I am new to deploying software this way. How can i perform this action in safe way!! is there alternative to this way of extending dates!!!
Posted
Comments
Sergey Alexandrovich Kryukov 27-Jul-14 12:18pm    
I hope you want to hide the information on expiration data storage, not the expiration date itself; is that true?
Does it mean that the user has access to the same database as the one used for strong user records? It would be utterly impractical?..
—SA
Codes DeCodes 27-Jul-14 12:26pm    
ya SA. I am new so was unaware... I was planning to encrypt expire date and store in same database.. Which practice will you recommend is best to do so???

Please see my comment to the question.

Now, how do you think: what is the multi-tier architecture for? Let's follow the simple logic: you mentioned both SQL server and ASP.NET in your question tags. It means that you can have your database server, HTTP server and customers on at least three different tiers. The multi-tier architecture allows you to isolate the user from direct access to the database server(s). Even if you, by some reason, keep the database server, the database, and the HTTP server on the same physical host, they should be different tiers.

That way, on the user tier, the users should have access even to their own data not directly through the database server, but through your ASP.NET site. All the data is handled internally in the code behind on server-side host. Everything would be standard here: authentication, different permissions for different account, and special administration accounts where you can have access to user permissions and all related attributes, including expiration days.

—SA
 
Share this answer
 
Comments
Codes DeCodes 27-Jul-14 12:40pm    
thanks SA.. I am storing expire date in same database server where user records reside. My issue .is in doing so, expire date is exposed to client so is vulnerable. How can I keep expire date secure away from user!!! Is expiration data storage you mentioned above a jargon of Visual Studio i done know!!! Because i am looking for such jargon of SQL or VS to keep there information secure from client
Sergey Alexandrovich Kryukov 27-Jul-14 13:39pm    
This is not the obstacle yet. As soon as you isolate the user from direct access to the database server, you will be fine. I already answered your question in full. If you still did not get it, please don't repeat your question (apparently, I already read it). Instead, ask if you cannot understand something in my answer.
—SA
What you want to do is encrypt the value you are storing in the database. That way, if they tamper with it when you try to decode it you'll get an invalid value and can choose to block the app at that point.

Here are a couple of articles from this site on how to do encryption. Just encrypt your data and store in the database.

.NET Encryption Simplified[^]

ASP.NET data encryption / decryption made easy[^]
 
Share this answer
 
Comments
Codes DeCodes 28-Jul-14 1:50am    
thanks ryan.. I will try this and return to you...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900