Security is a high priority in the design of the system.
The API used by applications to check license status is completely separate from the developer API, used to create and maintain licenses and users.
No passwords, security keys or other information which could allow access to the server are ever distributed with applications, or are ever sent over an internet connection from an application.
The developer’s login and API are password protected, and there are checks for SQL injection.
It’s recommended that you use SSL protocol (https) on your server if possible.
Users cannot generate licenses
It is not possible for users to create a license generator (keygen) or fake licenses – the license must be present on the server to be valid.
Whatever license the user has, if it is not found on the server when the application checks for it, it is not valid. Users have no way to generate licenses. No way to access the developer API is ever distributed.
The Registered version of TrackMySoftware has a client-side encryption module which uses strong public-key encryption. The server will encrypt and send the variables for local storage (using the private key), and the application can decrypt them (with the public key) , but not write to the local storage. This prevents users from hacking the local storage and changing the variables.
In any case, local storage is only used when there is no internet access. if the application has internet access, then the current status will be read directly from the server.