I am developing a program that I want to share with certain people, however if I change my mind about these people I want to be able to 'revoke' their access to the program.
Ideally this would be on a per-user basis rather than just blocking all instances of the program. Something along the lines of user accounts, but at the moment I don't really have access to a server where these accounts could be authenticated so a simpler method is probably in order.
Am I being too ambitious?
(If it is relevant I am using Java.)
Sorry, I missed a few relevant details:
The application will be used almost entirely online. I don't expect the userbase to be far over 100 (and that is ambitious), if there were more than 100 users I would splash out on an authentication server of some sort, however the closest thing to this I have at the moment is a basic FTP server that I could store files on.
Thanks for all the answers, its a shame that SO only lets me choose one best answer. :) Thank you guys.
There is no way to do this with a 100% guarantee. Except for a hardware solution (which can also be worked around) the software is manipulatable.
As a very simple example, take a Windows program (Java is even easier) that checks the date to see if it can run (think trial ware). Even without setting the clock back you can defeat it - figure out what calls it is making to check the date and then provide an alternate DLL that changes that call to always return a date that will work.
If you go with a server that the clients have to connect to that will work better, since you can do all validity checking server side. But you cannot simply return a true/false thing since you can then change things at the network level to alter the false to a true. To work around that you would need to use SSL to encrypt the network traffic.
The "better" (off the top of my head) is to have the server do the work of the program and just have the program display the results. Then for clients that do not have access the server just refuses to return results to them.