We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy. (Last updated on: November 16, 2018).
Unfortunately, activation email could not send to your email. Please try again.
Syncfusion Feedback

Clear text license keys and GitHub

Thread ID:

Created:

Updated:

Platform:

Replies:

142480 Feb 5,2019 06:12 PM UTC Feb 11,2019 12:44 PM UTC Others 3
loading
Tags: Others
Alan
Asked On February 5, 2019 06:56 PM UTC

I may be missing the point here.

I am writing an open source Xamarin Forms project that will use the SfListView component.

As I understand it, I initialise the licensing with my key in clear text, code taken from how-to-generate-syncfusion-license-key
  //Register Syncfusion license
  Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense("YOUR LICENSE KEY");

When I post this to GitHub, surely everyone can see my license key?

My current solution is to pull the "YOUR LICENSE KEY" string from a file outside the GitHub source tree.
Doh! That's never going to work - I'm muddling up compile time and run time.

PS: I have seen this post: best-technique-to-securing-license-key but it doesn't seem to provide a solution today.

Vadivel Natarajan [Syncfusion]
Replied On February 6, 2019 10:24 AM UTC

Hi Alan, 

Thanks for contacting Syncfusion support.  

Please refer the following Knowledge base article link to register the Syncfusion license without hardcoded in application.  


Please let us know if this helps you.  

Regards, 
Vadivel Natarajan  


Alan
Replied On February 6, 2019 03:36 PM UTC

OK, I can't get this to work

As my Android app launches I get this message
Syncfusion License 
The included Syncfusion license is invalid. Please refer to this help topic(https://help.syncfusion.com/es/licensing/invalid/) for more information. 

I'm building using VS2017 Community edition 15.9.4 on Win 10

I am using your instructions at https://www.syncfusion.com/kb/9179/syncfusion-license-register-without-hardcoded
  • I've put my Syncfusion licence key into a system environment variable.
  • I've put the pre and post build events into the project that wants to register the licence.  The events point to App.xaml.cs
  • I've put the registration code into App.xaml.cs ; this is the line
          Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense("##SyncfusionLicense##");

  • I repeat the process for the Android project, with the registration code in OnCreate() in MainActivity.cs
  • (I'm not building an iOS project)

If I turn VS2017 build output up to diagnostics (the highest) I can see that SyncfusionLicenseRegister.bat is being called correctly twice (pre- and post-build) but I can't see any output.

If I use DOS, go to the correct directory and run
SyncfusionLicenseRegister.bat PreBuild App.xaml.cs
I can see that the correct licence code has been inserted into App.xaml.cs
If I then run
SyncfusionLicenseRegister.bat PostBuild App.xaml.cs
I can see that the relevant line in App.xaml.cs now again holds the dummy key: "##SyncfusionLicense##"


PS: I suggest also that when creating the post-build event, you select "Run the post-build event - always". The default is " - on successful build"
This ensures that the licence key doesn't remain in the source code if the build fails, from where it might be pushed up to Github or some other public location.
Of course no dev would ever commit broken code, but it's worth checking.


PPS: With the approach above, you are still embedding the licence key in the code. I suspect someone with some intelligence could probably extract it.
I suggest it would be better to tie the licence key to something specific about the app.
Maybe with signed apps you could have a small program that takes the app signature and the licence key and then produces some kind of hash value that can be stored with the app.
This program would be run once by the developer after the app is signed.
At runtime, the Syncfusion license validator would read the hash value and the app signature and only validate the licence if correct.
This way, only the hash value would be embedded in the app and would be useless to any other application / licence combination


Vadivel Natarajan [Syncfusion]
Replied On February 11, 2019 12:44 PM UTC

Hi Alan,

We have created a support incident under your directtrac account. Please follow up the support incident for further updates.

https://www.syncfusion.com/support/directtrac/incidents

Regards,
Vadivel Natarajan

CONFIRMATION

This post will be permanently deleted. Are you sure you want to continue?

Sorry, An error occured while processing your request. Please try again later.

Please sign in to access our forum

This page will automatically be redirected to the sign-in page in 10 seconds.

Warning Icon You are using an outdated version of Internet Explorer that may not display all features of this and other websites. Upgrade to Internet Explorer 8 or newer for a better experience.Close Icon

;