Is it possible to take the user's token?

U

Uncle Seryozha2017-09-08 14:49:00

In contact with

Uncle Seryozha, 2017-09-08 14:49:00

The user logs in with the application key in my application installed on his PC, is it possible to pass the token and username to the server along with the serial in order to verify the id name and token for licensing purposes (i.e. check that the logged in user has logged in all on the same PC - a kind of verification of the binding of a license to a specific PC from which the license key was generated)

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey Sokolov, 2017-09-08
@Protos

Direct answer to the question: you can .
Moreover, it is enough to transfer only the token, because it is easy to find out the user id from it by executing users.get () without parameters with this token.
Another thing is that in general such “protection” is unreliable. Everything that is done at the client is forged. The application can be modified to always send some static token+serial pair downloaded from pirates.
I thought about protection through the use of stored procedures on the VK server. Those. the application does not call the VC methods directly, but stored procedures, the code of which is available only to the application author. Inside the procedures, you can check the validity of a given user id. For a small number of licenses, it is quite an option. For big ones, no.