Browse Mode
March 2004

Enforce Seats in FileMaker 7/8/9 Commercial Solutions
by Brian Dunning


Developers of commercial solutions have a lot of reasons to be excited about FileMaker 7/8/9, but I wanted to draw special attention to a neat little gadget that will simplify and strengthen the enforcement of purchased seats. Often, when you sell a commercial software application that is a FileMaker Developer runtime, you may have a three, four, or even five figure price point. You certainly don't want a customer pirating your application to a second user, or to their friend across the street.

One solution is to sell a hardware dongle. This is a little thingie that plugs into a USB or serial port, and there are FileMaker plug-ins available that can check for the presence of the dongle and disable the software if it's not there.

I am not a big believer in dongles, primarily because people hate them. They're inconvenient, they can be lost, and they require a port that may not always be available. My philosophy is that selling software is hard enough, so I avoid any possible opportunity to irritate my customers further. So I don't use dongles, but they are one perfectly valid solution.

Another answer, which we're going to examine in detail today, is to sell a unique serial number or license key. It's easy to generate unique license keys, but it's not always so easy to enforce that a particular key run on a single machine, and only that particular machine. The best way to do this is for the license key to incorporate elements of the computer's NIC address.

A NIC (Network Interface Controller) address (also variously known by other names) is a unique six-byte code embedded by the manufacturers of network devices, such as your computer's Ethernet interface. There are 281 trillion possible NIC addresses, so you can be reasonably certain that your customer won't happen to have two that match. FileMaker Pro can read this address, and if the decrypted license key matches that code, then the software can proceed. Such a license key will not work on any other computer.

(We won't talk about the encryption here -- but if you want a detailed, all-in-FileMaker example of generating encrypted license keys, see Easy Encryption at https://www.briandunning.com/easy-encryption/. A free demo download is available, which is a great companion to this article.)

Before we get into the technology of how to accomplish this, remember that there is a limit to what technology alone can do. Business rules will have to make up an equal part of a complete security scheme. So, to understand what some of those limitations are, let's examine some Gotchas about using the NIC address as part of your license key:

  1. Gotcha: Many computers these days, particularly laptops with wireless cards, have multiple NIC addresses. My PowerBook has one NIC address for the Ethernet interface, and one for the AirPort Wi-Fi interface. Be aware of this when you design your logic. Similarly, there are computers with no NIC address at all (old ones with no Ethernet card). I have one in my closet.
  2. Gotcha: It is possible for customers to share a Wi-Fi card, and use it exactly as they would a dongle, if the license key is bound to that card's NIC address. If you're concerned about this, make the license key dependent upon all found NIC addresses, since machines with wireless cards usually have Ethernet interfaces also. If you do this, keep in mind that someone might choose to remove their Wi-Fi card for some reason. You can't reliably tell from reading the NIC address what type of interface it's for.
  3. Gotcha: Customers often change computers, buy new ones, etc. If your policy is to grant them new license keys to run on their new hardware, be aware that they can also lie and claim to have bought a new computer, when they really only want a second license key for their coworker. This Gotcha is the primary reason that companies like Adobe and Microsoft are susceptible to pirated serial numbers: when you have as many customers as they do, it's not feasible to manage license keys that are machine-specific. For this reason, you may wish to adopt a pricing policy where the first seat is full price, and subsequent seats are heavily discounted. Make it clear up front that new computers will require the purchase of a new seat. You might choose to make exceptions for cases where they present a bill of sale showing that the computer was sold, or a police report showing that it was stolen.

Those are the Gotchas. It's up to you to develop business rules to deal with all of the above, but once you've done this and are satisfied that the model will work for your product and your customers, you're ready to look at how to read these codes using FileMaker Pro.

It's especially easy in FileMaker 7/8/9, with the Get(SystemNICAddress) function. This function evaluates to the NIC address, expressed like this:

00:07:34:4e:c2:0d

If there are multiple network devices present, they'll be listed as above separated by carriage returns.

It takes a few extra steps in FileMaker 5/6. On Macs, you'll need to use AppleScript to retrieve it. Here is an AppleScript that places the current NIC address onto the clipboard:

set nic_address to do shell script "ifconfig en0 | grep ether | cut -b \"8-24\""
set the clipboard to nic_address as string

Your FileMaker script can then proceed to paste the NIC address into the desired field. The above script retrieves the first NIC address; to get the second (when available), replace "en0" with "en1," and so on.

To get this into FileMaker in Windows, use the Send Message script step and specify the following:

ipconfig /all > nic.txt

This creates a text file called nic.txt that looks like this:

Windows IP Configuration
Host Name . . . . . . . . . . . . : TEST
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mynetwork.com
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet
Physical Address. . . . . . . . . : 00-08-A1-2A-DB-26
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.100.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCP Server . . . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 205.166.226.38
206.13.30.12
Lease Obtained. . . . . . . . . . : Sunday, October 27, 2002 8:35:42 PM
Lease Expires . . . . . . . . . . : Sunday, October 27, 2002 9:35:42 PM

Your script can proceed to import this text file, and parse out the Physical Address line contents. Note that I've seen this text file get generated in different places on different machines, so you might have to do a search to find where the file gets generated. It's usually in the current user's home directory.
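The parsing step described above, as an added example in Python (not FileMaker script steps and not code from the original article). It reads both the ipconfig /all text and the carriage-return-separated Get(SystemNICAddress) form into one normalized list; the function names and the SAMPLE text are constructed for illustration.

```python
import re

# Exactly six hex octets, ':' separated (Get(SystemNICAddress), ifconfig)
# or '-' separated (ipconfig).
_MAC = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def normalize(value):
    """Return 'aa:bb:cc:dd:ee:ff', or None if value is not a usable six-byte address."""
    value = value.strip()
    if not _MAC.fullmatch(value):
        return None
    mac = value.replace("-", ":").lower()
    return None if mac == "00:00:00:00:00:00" else mac

def from_filemaker(text):
    """Parse Get(SystemNICAddress) output: one address per carriage-return-separated line."""
    macs = [normalize(v) for v in re.split(r"[\r\n]+", text)]
    return sorted({m for m in macs if m})

def from_ipconfig(text):
    """Collect every 'Physical Address' value from ipconfig /all output."""
    macs = []
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip().lower().startswith("physical address"):
            macs.append(normalize(value))
    return sorted({m for m in macs if m})

# Constructed sample: the article's adapter, a second adapter, and an
# eight-byte value that must not be mistaken for a NIC address.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet
   Physical Address. . . . . . . . . : 00-08-A1-2A-DB-26
   Lease Obtained. . . . . . . . . . : Sunday, October 27, 2002 8:35:42 PM
Ethernet adapter Wireless Network Connection:
   Physical Address. . . . . . . . . : 00-0A-95-9D-68-16
Tunnel adapter (constructed):
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

if __name__ == "__main__":
    print(from_ipconfig(SAMPLE))
    print(from_filemaker("00:07:34:4e:c2:0d\r00:0a:95:9d:68:16"))
```

An empty result corresponds to the first Gotcha (a machine with no NIC address), so the calling logic needs a defined path for it.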

Once you know how to retrieve the NIC address using your software, here is an overview of one way that you can manage this process from beginning to end:

  1. Deliver your runtime application with the NIC address field blank. Whenever the software launches on the customer's computer, run a script to retrieve the NIC address and store it in a global field. Always overwrite the contents of that field.
  2. You may choose to use customer numbers or some other data as well. Use some technique (a good example is the one described in Easy Encryption) to use the NIC address and any other data to generate a unique "challenge code." It's wise for this challenge code to be in clear, readable text, and to avoid any ambiguous characters like 0, O, I, 1, or l, as demonstrated in Easy Encryption.
  3. The customer can telephone you with the challenge code, or you can have the software connect to a web site over the phone and submit the challenge code along with a credit card payment. When you receive the challenge code, generate a unique license key that is bound to that specific challenge code, and also incorporates any other privileges or data that you want. Make sure that these license keys are well obfuscated, as in Easy Encryption.
  4. The customer enters their new license key. Your solution's logic should always check for the presence of a valid license that matches the machine's NIC address. As you can see, if the customer passes the installer around, different machines will generate different challenge codes, so the purchased license key will not work for them. And, if the customer passes around the installed program folder of your application, launching the application will fail because each machine's individual NIC address will fail to match the license key.
  5. Naturally, it's important to design your software in such a way that the script that checks the validity of the license key is accessed not just upon launch of one particular file, but at many crucial access points throughout its usage. Certify that no "back door" exists, or any other way for the check routine to be skipped or avoided.
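Steps 2 through 4 above, sketched as an added example in Python (not code from the original article and not the Easy Encryption scheme, which this page does not show). It assumes HMAC-SHA256 as the binding between challenge code and license key; vendor_secret, customer_id and all function names are hypothetical.

```python
import hashlib
import hmac

# 32 symbols with 0, O, I, 1 and l left out, as step 2 recommends.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"

def _encode(digest, length):
    """Render the low 5*length bits of digest as ALPHABET symbols in groups of four."""
    n = int.from_bytes(digest, "big")
    symbols = []
    for _ in range(length):
        n, index = divmod(n, 32)
        symbols.append(ALPHABET[index])
    text = "".join(symbols)
    return "-".join(text[i:i + 4] for i in range(0, length, 4))

def challenge_code(nic_addresses, customer_id=""):
    """Step 2: readable code derived from every NIC address found (Gotcha 2)."""
    macs = sorted({a.strip().lower() for a in nic_addresses if a.strip()})
    if not macs:  # Gotcha 1: a machine with no NIC address cannot be bound
        raise ValueError("no NIC address available")
    material = "\n".join(macs) + "|" + customer_id
    return _encode(hashlib.sha256(material.encode()).digest(), 12)

def license_key(vendor_secret, challenge):
    """Step 3 (vendor side): key bound to exactly one challenge code."""
    mac = hmac.new(vendor_secret, challenge.encode(), hashlib.sha256)
    return _encode(mac.digest(), 20)

def license_is_valid(vendor_secret, entered_key, nic_addresses, customer_id=""):
    """Step 4: recompute from this machine's addresses and compare."""
    try:
        challenge = challenge_code(nic_addresses, customer_id)
    except ValueError:
        return False
    expected = license_key(vendor_secret, challenge)
    entered = entered_key.strip().upper()
    return hmac.compare_digest(expected.encode(), entered.encode())

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # placeholder, not a real key
    machine_a = ["00:07:34:4e:c2:0d"]            # address format from the article
    code = challenge_code(machine_a, "C-1001")   # constructed customer number
    key = license_key(secret, code)
    print(code, key, license_is_valid(secret, key, machine_a, "C-1001"))
```

Because HMAC is symmetric, the secret that verifies a key can also generate one, so a runtime that embeds it depends on obfuscation; an asymmetric signature would keep the signing key with the vendor.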

Follow the above steps, and you can rest assured that your software cannot be pirated, subject to the Gotchas which, in my experience, are well mitigated by the reality of what a pain it would be for customers to cheat by swapping network cards back and forth.

Brian Dunning