@Alfa1, thank you for your concerns.
We are working with web applications and particularly add-ons for about 8 years already, and we already met the problem you highlight here, so we have built our licensing system having this in mind.
The reasons we chose this model are numerous, one of them is providing of different types of licenses, especially completely free trial mode and fully automated branding removal. Our licensing system was built from ground-up, with server-side handled by WHMCS and our in-house addon for it, and the part included in the products is a module carefully developed by us, tested and included in the packages automatically, so there are no bugs associated with the implementation of the licensing system itself.
The biggest number of problems we saw with licensed add-ons and callbacks was connected with the fact, that the provider unavailable, temporarily or permanently, and of course, it is not in our plans to become unavailable
We are thankful to everyone doing business with us, and we will definitely consider making the products open source in case we are not planning or just unable to keep them updated and developed and provide the level of customer satisfaction we target.
We did, however, consider the possibility of servers being temporarily unavailable. Local licensing information is updated only when we actually succeed connecting to the server. Any type of failure (wrong SSL certificate, connectivity issue, any response from our server except 200 OK ) is considered our server's error and does not affect the already available local license data.
As we mention in all our add-ons, licensing check is done only via admin panel (when you save the licensing key), and in a cron job. We consider this the most important part of our implementation, as any license check on front-end is prone to race conditions and is guaranteed to cause issues on boards with high load. On the other hand, one call to a remote server per hour, with any possible errors being handled (they are not even stored in XenForo Server Errors, but only locally with licensing information), is hard to imagine to cause any technical issues.
Of course, we are aware of malicious use of the licensing system, but I guess we can do nothing if a developer decides to include any malicious logic in the code, no matter connecting with licensing or not, with or without callbacks. Of course, we don't run any such code in our add-ons, do not interfere with uninstallation etc. Feel free contact us at
https://customers.addonslab.com/submitticket.php?step=2&deptid=2 and we will provide you with the product package and licensing system code to review it.
The discussion you have linked to about licensing errors in Best Answer add-on is very interesting, and I definitely like the idea of requesting info from our side instead of a callback. We will definitely consider implementing this. This may be in a form of XML file or some other format. We may also consider implementing this as a PHP script, that would give us better control not only to be notified about invalid add-on usage but also be able to take action (for example, notify the admin via email and disable the add-on). Please let us know your thoughts on this, and if you foresee any issues with this approach.
We will update all products with the new system soon.
Thank you for your considerations one more time, we will be glad to discuss this further and resolve any possible issues.
Thank you!