Isolated Storage Area

sandeep · June 15th, 2003, 08:33 AM

Hi Everybody!
I have created an application for which i am distributing Trial version of 30 days. I have learned that we can store all the information that we don't want the user to tamper with in isolated storage.My application writes the date into the isolated
storage area the first time application runs. On all subsequent executions my application checks for expiry date as per the information stored in storage area. I installed the trial
version on one of my friend's machine and everything was fine. Then my friend told me that he could easily break my application by going to command prompt utility and writting the following
command:
> storeadm /remove

By writing this he was able to remove the entry my application made in storage area. I have read that access to the store is restricted to the user who created it. Is there anything special i have to
do to not allow the user of my application to tamper with the data written in isolated storage? Is there any other break-proof method for making trial version of application? Any help on this topic will be greatly appreciated.

Thanks
sandeep

amit singh · June 22nd, 2003, 05:51 AM

Hi santy sandy,

Isolated storage provides a location where
applications can store
configuration and other settings without fear of
corruption by other
applications.
www.amitsingh\isolated.html
gives examples of the scenarios where it is useful and
some where it is not.

Isolated storage, however, provides no protection from
highly trusted code,
unmanaged code or trusted users of the computer.
"storeadm" is an
administrative tool for Isolated storage and "storeadm
/remove" is the
command line for removing all isolated storage for the
current user. Also,
the location of the Isolated stores on the filesystem
is public information
and any user who has write access to the relevant
directories can just go in
and delete them.

For all these reasons, the user who downloads and
installs your 30-day trial
application can easily delete the date information
that you set up in
Isolated storage. This is not one of the recommended
uses of Isloated
storage.

Hope this helps.
Thanks,
ur friends singh ji :D

Deepesh_Jain · July 2nd, 2003, 06:18 AM

One Alternative way of doing this is that when ever u make the setup of your application then write a value in registry e.g. current time and then whenever your application will run, just check the current time with the stored value in the registry.

Quote:

quote:Originally posted by sandeep
Hi Everybody!
I have created an application for which i am distributing Trial version of 30 days. I have learned that we can store all the information that we don't want the user to tamper with in isolated storage.My application writes the date into the isolated
storage area the first time application runs. On all subsequent executions my application checks for expiry date as per the information stored in storage area. I installed the trial
version on one of my friend's machine and everything was fine. Then my friend told me that he could easily break my application by going to command prompt utility and writting the following
command:
> storeadm /remove

By writing this he was able to remove the entry my application made in storage area. I have read that access to the store is restricted to the user who created it. Is there anything special i have to
do to not allow the user of my application to tamper with the data written in isolated storage? Is there any other break-proof method for making trial version of application? Any help on this topic will be greatly appreciated.

Thanks
sandeep

Deepesh Jain
VB,VBA & .NET Specialist
Wiley Support Team

Phillip · July 6th, 2003, 03:53 PM

I know this warrants a discussion in itself, but with dissassembly, could the user not quite easily see the registry key and then change it themselves?

Quote:

quote:Originally posted by Deepesh_Jain
One Alternative way of doing this is that when ever u make the setup of your application then write a value in registry e.g. current time and then whenever your application will run, just check the current time with the stored value in the registry.

Quote:

quote:Originally posted by sandeep
Hi Everybody!
I have created an application for which i am distributing Trial version of 30 days. I have learned that we can store all the information that we don't want the user to tamper with in isolated storage.My application writes the date into the isolated
storage area the first time application runs. On all subsequent executions my application checks for expiry date as per the information stored in storage area. I installed the trial
version on one of my friend's machine and everything was fine. Then my friend told me that he could easily break my application by going to command prompt utility and writting the following
command:
> storeadm /remove

By writing this he was able to remove the entry my application made in storage area. I have read that access to the store is restricted to the user who created it. Is there anything special i have to
do to not allow the user of my application to tamper with the data written in isolated storage? Is there any other break-proof method for making trial version of application? Any help on this topic will be greatly appreciated.

Thanks
sandeep

Deepesh Jain
VB,VBA & .NET Specialist
Wiley Support Team