Controlling Where An App Runs

[cmhjon]

Hi all,

If you wanted to ensure that an LC app you wrote could only be used on company PC's (and not outside the company), how would you go about doing that?

One idea I had was to have the app ping an internal company server at startup. If it couldn't ping it, the app would close. I know there are methods that could be used outside of the app (Microsoft Active Directory for example) but I would like to find a method that is scriptable within LC.

Any feedback would be appreciated!
Jon

[jacque]

I don't think that would be a bad way to do it.

You might also want to investigate some of these functions to see if they are of any use:
hostName, hostAddress, hostNameToAddress, peerAddress, DNSServers

[richmond62]

I'd just password the thing.

[AxWald]

Hi,

I'd just password the thing.

Joe Worker: "Hey, Jane Thief, here's the USB stick with the app. Password is '12345'. Have fun!"

Jon,
there's many a way to achieve your goal - but it depends of where the user should be allowed to run the software. Home office? Only in company buildings?

One way would be to utilize existing security measures: A file on a protected file server that's only accessible from trustworthy machines - read this file at startup, & refuse to run if this fails.

To add some difficulty, use some easily accessible but ever changing strings: Title line of the CEOs Blog, name of "employee of the week", "motto of the day", name of article x of the "special bargain flyer", the long date ...
Concatenate a few, encrypt them using a scheduled script on the server, and write them into the test file, fresh ones each midnight. Now your program can check a lot more, and is less easy to fool.

Another approach, as I use in some of my commercial products:
The software is allowed for a "user" (in a company/ group), but not limited on machine or location - it's running on Windows & Android, meant to be mobile, and can be used offLine.
At each (onLine) StartUp it loads user specific preferences (and a whole bunch of other stuff, including further company/ group prefs, menus, cache data, updated modules etc. ...) from the "program server" and remembers the successful loading time in its local SQLite. Should there be no internet, and should there be a certain time gone since last successful loading, it refuses to load.

Each of the preferences (user, group, company) has 2 flags:
- If flag 1 ("logLoc") is set, the program updates a file on the server with it's current public IP.
- Flag 2 (KillSwitch") actually is an integer: 0 does nothing. 1 displays a "temporally unavailable" message. Anything else means "danger" & quietly deletes all possibly sensitive files, then shuts down with a "Your authorization has been revoked. Please contact your supervisor!".

So just setting flag 1 on the "program server" I can enable a simple tracking, thus the customer company can watch where its employee uses the company's program.
And with flag 2 I can shut 'em down for good, should this be desired.
The customer company can easily disable "any access", "group access" or "user access" from their "command center" any time they wish - this just renames the resp. prefs file on the server, and if the program has internet, but doesn't find its pref, it just quits.

For sure, there's a lot of more possibilities. But maybe this helps finding ideas.

Have fun!

[AndyP]

I had to do something like this a few years ago. My solution was to have a text file on the company server that had a list of current eligible users, 1 per line.
Then each time the application was started it would compare the current user of the client computer with the list and would close the application if not found. This worked well, the only downside was that the list of users had to be maintained which really wasn't that much of a problem with the small number of users but could be if your company has many users or if users change often.

This was on Windows by the way.