I need some tips on how to authenticate licenses (user / license key ) .
Is it better to do what many games do, which is validating the cd key from company servers. Is there a guide on how to implement this without becoming "cracked" or "patched" ?
OR is it better to just validate user / license key within the software ? Would you not see keygens floating around the net after a while ?
Please advise.
If you do it client side then the code can be decompiled and the algorithm learned. Keeping it on the server side prevents that.
If you simply return "true/false" type of thing a proxy server could be developed that simply returns "true" all the time so the client thinks it is enabled when it wasn't.
You will need to do the work on the server and provide some means of encryption for the network communication.
Even then it is still possible to defeat such a scheme (I won't go into the details, but pretty much all apps that do this sort of thing are defeatable). To really make this work you have to do some of the actual work on the server instead of the client so that the results cannot simply be faked.