Validation Methods Comparison
mLicense offers different license validation methods, tailored to various security needs and use cases.
Methods Overview
🔓 Basic HTTP Validation
Recommended for: Small projects, internal applications, MVPs
Simple, single-phase HTTP validation with basic hashing. Quick to implement but offers minimal security.
🔐 Secure Validation
Recommended for: Commercial applications, production systems, high security requirements
Advanced, two-phase challenge-response validation with multiple security layers.
🎓 Java ClassLoader
Recommended for: Java applications requiring dynamic code loading
Specialized method for Java applications, enabling class loading only after successful validation.
🎯 Custom Check
Recommended for: Advanced scenarios with custom business logic
Webhook-based validation allowing implementation of custom validation rules.
Detailed Comparison
Basic vs Secure Validation
| Feature | Basic HTTP | Secure Validation |
|---|---|---|
| Number of requests | 1 | 2 (initiate + verify) |
| Challenge-Response | ❌ | ✅ |
| Rate Limiting | ❌ | ✅ (10 req/min) |
| Anti-Replay Protection | Basic | ✅ Advanced (timestamp + nonce) |
| Client Fingerprinting | ❌ | ✅ |
| Integrity Checking | ❌ | ✅ |
| Challenge Expiry | ❌ | ✅ (5 minutes) |
| Constant-Time Comparison | ❌ | ✅ |
| Attempt Tracking | ❌ | ✅ (max 3 attempts) |
| Timing Attack Protection | ❌ | ✅ |
| MITM Protection | Basic | ✅ Advanced |
| Replay Attack Protection | Basic | ✅ Advanced |
| Blacklisting | Yes | ✅ Advanced (IP + HWID) |
| Custom Webhooks | ❌ | ✅ |
| Security Level | ⭐⭐ | ⭐⭐⭐⭐⭐ |
| Ease of Implementation | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ |
| Performance | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ |
Security vs Performance
Security ↑
Secure Validation ┃ ★★★★★
(Challenge-Response) ┃ • Rate limiting
┃ • Anti-replay
┃ • Fingerprinting
─────────────────────┼─────────────────
Basic HTTP ┃ ★★
┃ • Basic hash
┃ • No rate limit
↓ Performance
Fast ←────────────────────────→ SlowerWhen to Use Which Method?
✅ Use Basic HTTP Validation when:
- Building a prototype or MVP
- Working on internal (non-commercial) application
- Need quick implementation
- Security is not a priority
- Have small user base
- Application runs in controlled environment
Examples:
- Internal company tools
- Educational projects
- Proof of Concept
- Closed beta testing
✅ Use Secure Validation when:
- Building commercial application
- Security is a priority
- Expecting attacks / bypass attempts
- Have large user base
- Application generates revenue
- Need compliance with security standards
- System operates in public environment
Examples:
- SaaS applications
- Commercial software
- Enterprise platforms
- Applications with sensitive data
- High-value software
✅ Use Java ClassLoader when:
- Building Java/Kotlin application
- Want to dynamically load code
- Need to control class access
- Implementing plugin system
Examples:
- Applications with plugin system
- Modular Java applications
- Systems with dynamic feature loading
✅ Use Custom Check when:
- Need custom validation logic
- Have specific business requirements
- Want to integrate external systems
- Need additional validation conditions
Examples:
- Verification with external database
- Additional permission checks
- Payment system integration
- User geolocation
Combining Methods
You can combine different methods for maximum security:
🔒 Secure Validation + Custom Check
┌─────────────────────┐
│ Secure Validation │ → Challenge-Response
│ │ → Rate limiting
│ │ → Fingerprinting
└──────────┬──────────┘
↓
┌──────────────┐
│ Custom Check │ → Custom logic
│ │ → Business rules
└──────────────┘🎯 Java ClassLoader + Secure Validation
┌──────────────────┐
│ Java ClassLoader │ → Load control
│ │ → Code protection
└─────────┬────────┘
↓
┌───────────────────┐
│ Secure Validation │ → Two-phase validation
│ │ → Advanced security
└───────────────────┘Migration Between Methods
From Basic → Secure
// Before (Basic)
Status status = validation.valid(
"https://valid.mlicense.net/api/v1/validation",
"SECRET_KEY",
"LICENSE_KEY",
"PRODUCT",
"VERSION"
);
// After (Secure)
SecureLicenseValidator validator = new SecureLicenseValidator(
"https://valid.mlicense.net",
"SECRET_KEY",
"PRODUCT",
"1.0.0"
);
ValidationResult result = validator.validateLicense(
"LICENSE_KEY",
hardwareId
);Migration steps:
- ✅ Add Secure Validation alongside Basic
- ✅ Test both methods in parallel
- ✅ Gradually switch users
- ✅ Monitor metrics and errors
- ✅ Remove Basic after full migration
Summary and Recommendations
🎯 Quick Selection:
| Scenario | Recommendation |
|---|---|
| MVP / Prototype | Basic HTTP |
| Commercial Application | Secure Validation |
| Enterprise / High-security | Secure + Custom Check |
| Java App with Plugins | ClassLoader + Secure |
| Educational Project | Basic HTTP |
| SaaS Platform | Secure Validation |
💡 General Rule:
The higher the security priority and application value, the more advanced validation method should be used.
FAQ
Q: Can I change the validation method later? A: Yes, you can migrate between methods. We recommend gradual transition and parallel testing.
Q: Which method is the fastest? A: Basic HTTP (1 request) is fastest. Secure Validation (2 requests) is slightly slower, but the difference is minimal.
Q: Does Secure Validation require more resources? A: Yes, but the difference is marginal. Security benefits far outweigh the performance cost.
Q: Can I use different methods for different products? A: Yes, each product can have its own validation method.
Q: How long does it take to implement Secure Validation? A: Basic implementation: ~30-60 minutes. Advanced with all features: 2-4 hours.
Support
Need help choosing the right method?