Permanent Clock

Jeff Epler jepler at unpythonic.net
Fri Apr 25 22:23:43 CEST 2003


In general, there's not a clock that the user can't set.  You could use
a remote time protocol to get the time from a well-known server, which
might make things harder for a user to circumvent your count (but also
means it would be useless when offline!).  You also have the problem
that the user could easily replace or remove the count file.

Both of these problems are more or less independent of the Python
language--questions like "can I trust information X from the operating
system" and "can I prevent the user from tampering with the contents of
a file" apply to all languages.

For PCs, I know of a device called a "timeHASP" which apparently
contains a unique identifier and a tamperproof clock.  I don't know if
any of these devices can also store some amount of user-writable data,
but it seems plausible (I believe that in our software, the presence or
absence of certain license features is written into the HASP before we
distribute it, but I don't know the details).  We use HASP with the
flexlm license library on Windows, and on its own from Linux.  These are
all C-libraries, but wrapping them using a tool like ctypes, pyrex, or
swig would probably not be hard.

Of course, if what you want is to give a trial user a certain number of
days to try the product, you can't give them a dongle when they download
it from your website.. it's a hard question.

import pickle, time
def MauricioCounter(file):
    # time must be tamperproof
    now = time.localtime()[:3] # year, month, day

    if os.file.exists(file):
        f = open(file, "rb")
        # file contents must also be tamperproof
        # (and replayproof!)
        then, count = pickle.load(f)
        f.close()
        if now > then:
            count = count + 1
    else:
        count = 1

    f = open(file, "wb")
    pickle.dump((now, count), f, 1)
    f.close()

Jeff





More information about the Python-list mailing list