How to check if expert is bought on market and also authorize 3rd party service?
to only allow web requests from specific EAs that were bought on mql market.
Since you own the 3rd party service, and you specify that it will only be used by EAs bought on the MQL market, you could do a simple obfuscation on both ends.
Something like CryptEncode() could do this for you, but that's only on the MQL side, and you need something portable. The documentation doesn't specify what algorithm is used for CryptEncode(). Maybe it's some sort of SHA-256.
So, perhaps XOR Encryption would do the trick.
https://kylewbanks.com/blog/Simple-XOR-Encryption-Decryption-in-Cpp
Simple, quick, portable, and will thwart most casual purchasers of your EA's.
Sort of depends upon how secure you need this to be. There is an MQL5 MD5 library, which would be more secure than XOR Encryption, but has known vulnerabilities.
Since you own the 3rd party service, and you specify that it will only be used by EAs bought on the MQL market, you could do a simple obfuscation on both ends.
Something like CryptEncode() could do this for you, but that's only on the MQL side, and you need something portable. The documentation doesn't specify what algorithm is used for CryptEncode(). Maybe it's some sort of SHA-256.
So, perhaps XOR Encryption would do the trick.
https://kylewbanks.com/blog/Simple-XOR-Encryption-Decryption-in-Cpp
Simple, quick, portable, and will thwart most casual purchasers of your EA's.
Sort of depends upon how secure you need this to be. There is an MQL5 MD5 library, which would be more secure than XOR Encryption, but has known vulnerabilities.
MD5 can be bruteforced now in reasonable time. Anyway CryptEncode can encode in multiple ways, whatever enum value you will pass to it (attached image). I will probably go for AES-256 with my own key on both sides. Or SHA-256...
Anyway CryptEncode can encode in multiple ways, whatever enum value you will pass to it (attached image).
Ah, I didn't see that as I didn't dig too deeply. Sounds like a plan.
- Free trading apps
- Over 8,000 signals for copying
- Economic news for exploring financial markets
You agree to website policy and terms of use
Hi, guys!
So I have this very interesting problem and dunno how to actually overcome it. Idea is this: someone buys EA that requires 3rd party integration (via WebRequests). Let's say I own this required 3rd party web service and I need somehow to protect my service to only allow web requests from specific EAs that were bought on mql market. What are my options? Initially I though I could somehow get community mql5 user id and check if that user (by his id) has this EA bought or not, but looks like this is not an option. Another idea is generate some sort of authorization keys that would be specific and based on bought EA/user hw. However this has to be done without any additional user input (no additional steps after he or she bought said EA). Also ideally I would solve this without requirement of enabled DLLs.