J.M. Wu

Why u use the activation code directly in the url?
It is pretty unsafe!!!
You're too irresponsible to your customers and to your customers' assets.
J.M. Wu
  • Posts: 7

Nate

The main reason is that it is a very simple way to do it, as there is no need for an account login and password. We do understand the security implications of using a URL that goes to the license page. We have considered other mechanisms and likely we will change it sometime in the future, though there have not been problems because of the URL so far (nearly 10 years!). If you ever do have a problem with your account, please contact us and if you would like we can provide a new activation code for your Spine license in a more secure manner.
User avatar
Nate

Nate
  • Posts: 9993

J.M. Wu

Emmm...Think about this:
I want to speed up the downloading with an app like Thunder which is not reliable but efficient!
It know my link and my liscense!

Do you think a simple md5 digest of the code is much safer than the plain license code?
J.M. Wu
  • Posts: 7

Nate

MD5 would not be safer, since anyone with the URL could still visit the page which has the activation code.

When you download something from a downloader and run it, you are trusting that downloader quite a lot already. It is inherently unsafe to send your traffic through a third party. No matter what security is used for the Spine download link, consider that the downloader could see you are downloading an executable file and insert malicious code into it. I would not recommend using any downloader software, if you can avoid it.
User avatar
Nate

Nate
  • Posts: 9993

J.M. Wu

Nate wrote:MD5 would not be safer, since anyone with the URL could still visit the page which has the activation code.

When you download something from a downloader and run it, you are trusting that downloader quite a lot already. It is inherently unsafe to send your traffic through a third party. No matter what security is used for the Spine download link, consider that the downloader could see you are downloading an executable file and insert malicious code into it. I would not recommend using any downloader software, if you can avoid it.
No, no, no!
MD5(ActivationCode + SaltA) for downloading, MD5(ActivationCode + SaltB) for license page~~~
Anyway, Concating sensitive data of plaintext with URL is rough an nothing with safety~
Eiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
Ignore a layman's solution! I just suggest you to make it more safer using your technology for US!
Thank you for your reply!
Looking forward your good news about safety issue!
J.M. Wu
  • Posts: 7


Return to 中国Spine用户