Implement with your licensing system
Codeguard is implemented on applications through the following process:
Users log in through the standard license process.
Upon successful authentication, the license server returns a cookie, a token or other form of object that indicates the user's authorization state.
Codeguard initializes with this result and forwards it to our tamper protection servers for verification.
Our tamper protection servers verify that the connection is legitimate, and only then is the user granted access to the application.
Alternative implementation
If your licensing system isn't deeply integrated with your program, it might be possible to use Codeguard as the first and only layer of defense against reverse engineering attacks.
The implementation would be similar to what we described earlier, with the main difference being that your licensing system wouldn't be exposed to attacks.
The pros & cons
There are a few security considerations when deciding on the implementation model.
The partial implementation's main benefit is that no user-identifiable information is sent to our servers. On the other hand, it opens a potential attack vector: attackers can exploit the exposed endpoints, which makes reverse engineering easier.
We mitigate some exploitation attacks by binding each session to a machine. This ensures that even if attackers are able to generate sessions for a user, only the first machine to claim a session is able to use it.
We recommend enabling short-lived tokens in the licensing panel. With this enabled, our servers call your system when a customer disconnects, so the token is invalidated immediately.
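The session binding and short-lived token behaviour described above, shown as an added example that is not Codeguard's own code. The class and method names, the machine identifier strings and the 300-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import threading
import time


class SessionStore:
    """Hypothetical server-side session table: one machine per session, short TTL."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed token lifetime
        self._clock = clock          # injectable so expiry can be tested
        self._lock = threading.Lock()
        self._sessions = {}          # session_id -> {"machine": ..., "expires": ...}

    def issue(self):
        """Create an unclaimed session once the license check has succeeded."""
        session_id = secrets.token_urlsafe(32)
        with self._lock:
            self._sessions[session_id] = {
                "machine": None,
                "expires": self._clock() + self._ttl,
            }
        return session_id

    def check(self, session_id, machine_id):
        """Return True only for the machine that claimed the session first."""
        with self._lock:  # the lock makes "first claim wins" atomic
            entry = self._sessions.get(session_id)
            if entry is None:
                return False
            if self._clock() >= entry["expires"]:
                del self._sessions[session_id]  # expired token: drop it
                return False
            if entry["machine"] is None:
                entry["machine"] = machine_id   # first claimant binds the session
                return True
            # Constant-time comparison of the bound and presented identifiers.
            return hmac.compare_digest(entry["machine"].encode(), machine_id.encode())

    def invalidate(self, session_id):
        """Called when a customer disconnects; the token stops working at once."""
        with self._lock:
            return self._sessions.pop(session_id, None) is not None
```

A session ID replayed from a second machine fails `check` even while the token is still valid, and `invalidate` ends the session for the bound machine as well.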