[sword-devel] How to validate a Sword module unlock key?

Tobias Klein contact at tklein.info
Sun Feb 2 00:36:37 MST 2020 

Hi Troy,

Thank you! I appreciate your and everybody else's time spent on this 
discussion and I respect your decision!

> 1) BEFORE INSTALLATION: I don't think there is enough advantage to 
> verifying the key before install to warrant moving a hash to the conf 
> while and putting that burden on the module writers and risk 
> inconsistencies.  Sure, it would work, but why do we really want to 
> allow checking before module install?  In the normal use case, the 
> user will need to install the module anyway if they have a valid key, 
> so we would only be benefiting users with invalid keys.
>
I'm also assuming that the user has a valid key when attempting to 
install a locked module. However, while entering the key into the input 
field (maybe copy & paste, but could also be different methods) he could 
miss one character and that would be enough to stop the unlock from 
working. For cases like that I thought the pre-install-validation may be 
nice - to avoid input errors like that and simply fix that quickly based 
on validation rather than making the user wait for the installation to 
happen first.

> I suspect, for you, this might cause additional hassles because you 
> are doing something we don't recommend or support: extracting module 
> data from our format and placing it in your own storage format for 
> your application.  I would continue to suggest you access SWORD data 
> directly from SWORD modules, on demand, as all of our other 
> applications, instead of converting all the data to your own format 
> (which has more issues for copyrighted and locked modules).
>

I don't think it causes additional hassles for me (with Ezra Project) - 
compared to the efforts in other frontends. However, in any case I'm 
planning to switch my approach in Ezra Project to directly reading from 
Sword modules instead of reading from the sqlite database I currently 
have. The database is there for historic reasons, because I had the 
software/frontend available and last year looked for a quick way to make 
it work with Sword (in the sense of Minimum Viable Product). I may 
change this already in one of the next releases.

I'm now moving forward in my implementation for the unlock mechanism. 
One more question: Is there at least any basic pattern that I could 
check for to avoid basic errors in entering the key?
At the moment I'm only checking for "string length > 0" before accepting 
the key.

Thanks once more!

Best regards,
Tobias

More information about the sword-devel mailing list