Safe Activation Security
    On July 27, 2014 Godaddy a large web hosting company made an unannounced security change to their Apache servers. That change affects the HTTP POST command that is a fundamental to some Internet communication. The change will potentially affect thousands of websites and millions of applications currently running on computers that use those websites.

    While most developers can appreciate the security challenges faced by web hosting companies, unannounced changes to core Internet infrastructure are seldom welcome or painless. Since Safe Activation is hosted on Godaddy servers, the change will impact some applications that use Safe Activation. This page describes which applications are likely to be affected, suggests immediate workarounds and permanent solutions to accommodate this Internet security change.

Affected Applications and Symptoms

    Windows applications are not affected.

    Mac OS X applications that use an Activation dialog to perform an automated activation process through Safe Activation or use the automated license release or restore process may be affected depending on the specific runtime file being used.

    The most common symptom of an affected application occurs during the activation process. After filling in the Activation dialog and clicking the Activate Now button, an error message is presented indicating that the activation failed.

    Mac applications that get an Activation Code directly from a vendor are not affected. Since the security change does not affect most web browsers, retrieving an Activation Code from the activation web page presented by Safe Activation works fine. Protected applications that use QuickLicenseRTX, PluginFMQLRT, PluginXojoQLRT and QLRT Xcode are not affected.

    A Mac application that uses the programming API with QuickLicenseRT or a Linux application that uses QuickLicenseRT may be affected. A Mac application wrapped with AddLicense, AppProtect or DocProtect is affected if it presents an automated activation dialog that communicates with Safe Activation.

Solutions

    On July 29, 2014 Excel Software updated the current version of all affected Mac applications to accommodate the security change. Mac developers with the current major release of these products are encouraged to uninstall, download and install the updated version.

    Enhanced Applications: Download Page

    Most developers already use current versions of QuickLicense and related tools to give their customers the best experience on Mavericks. Apple has made major changes to the OS in recent years. With a free Mavericks download, most Mac users have been quick to upgrade their OS. Current Excel Software products have been enhanced to support Mac OS X 10.7 thru 10.9.

    If you use a wrapping tool like AddLicense, AppProtect, DocProtect or MakeServer (from QuickLicense Server) to produce a protected application, then click the Build button to regenerate your application with the new enhancement. If you use the QuickLicense API and distribute an affected runtime file, simply replace that file.

    New Legacy Builds of QuickLicenseRT, AddLicense, AppProtect and DocProtect are now available to support Mac OS X 10.6 and earlier.

Workarounds

    Here are some immediate workarounds. Before suggesting a workaround to a customer, the vendor must test the process on their own computer with their specific application.

    Manual Activation

    1. Disconnect Internet, then launch application to see Select Activation Type dialog.

    2. Write down Request Number and URL displayed in dialog.

    3. Enter URL into a web browser on an Internet connected computer to get an Activation Code. Alternatively, contact the vendor for an Activation Code. The vendor can use the activation web page from a browser, QuickLicense or LicenseSupport to get the Activation Code.

    4. Click the Manual Activation button in Select Activation Type dialog, then enter the Serial Number and Activation Code.

    Replace QuickLicenseRT with QuickLicenseRTX

      If your application uses the programming API with QuickLicenseRT and you have a newer edition of QuickLicense Pro MacOSX, you should find QuickLicenseRTX in the Invisible Runtime folder. The commands supported by QuickLicenseRTX are nearly identical to those in QuickLicenseRT, but the user interface may appear slightly different.

      For most applications, a developer can rename QuickLicenseRTX to QuickLicenseRT and replace the current QuickLicenseRT file that the application is using.

WebActivation and Desktop License Server

    WebActivation or Desktop License Server are hosted on a vendors website and perform some of the same activation and licensing services that are available in Safe Activation.

    Those activation servers are unlikely to be affected unless the vendor hosts their website on Godaddy or with another hosting company that has or plans to implement the same security change to their servers.