Comments (3)
Examples of the above
User: sam
$ curl localhost:5001/api/check -X GET -d token=3CQ08J7RFCVA6M5RCH5QL5UXH -d user=sam -d machine=ryujin
{"result": "ok"}
User: paul
curl localhost:5001/api/check -X GET -d token=3CQ08J7RFCVA6M5RCH5QL5UXH -d user=paul -d machine=ryujin
{"result": "ok"}
Machine: peanut
$ curl localhost:5001/api/check -X GET -d token=3CQ08J7RFCVA6M5RCH5QL5UXH -d user=paul -d machine=peanut
{"result": "ok"}
Machine: raisin
$ curl localhost:5001/api/check -X GET -d token=3CQ08J7RFCVA6M5RCH5QL5UXH -d user=paul -d machine=raisin
{"result": "ok"}
from jwt-key-server.
Yes this, this is intentional. Anyone can rename their computer or user name on a machine. Machine name and username are only memo fields to help you with fraud detection to who is using your software and on what machine.
The only way to really prevent key stealing would be to seed an activation hash using hardware IDs and the activation key on the licensed machine and upon first activation, store that on the DB side and on each check, send the hash and make sure it matches what was sent for the first ever activation.
The problem with is if itβs hard coded into a public library, anyone can come to this repository and see how it works and crack your software.
I do have a Client-Side library for this on the TODO list but itβs not done yet.
This is why the username and machine name exists, to help you manage fraud in the meantime.
from jwt-key-server.
You can achieve this with the hwid parameter. If supplied, the key can only be checked on that one machine. I will have to come back around and store multiple activations on the same key in a table to allow one key to be used on multiple machines.
from jwt-key-server.
Related Issues (14)
- ImportError: module 'keyserv.config' has no attribute '<flask' HOT 1
- I'm runnning Ubuntu18.04 HOT 1
- Remote IP via nginx proxy (for https) and add expiration date for key HOT 2
- Create user issue
- Add documentation HOT 1
- Token deletion HOT 2
- Database needs to be manually populated?
- Question about "Active" setting. HOT 5
- Features Requests
- from keyserv. Models import DB" without this keyserv HOT 1
- table users do not exist HOT 2
- Error while creating new user HOT 4
- Feature Request: Number of licenses in use HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt-key-server.