Adding password protection to your Indicator / Expert Advisor
This professional-grade solution for MetaTrader 4 helps traders achieve greater efficiency in their daily workflow. This Expert Advisor serves as automated trading software. It is utilized to monitor financial markets and execute trades based on predefined algorithmic rules, enabling precise position management without the need for constant manual oversight.
How to Setup and Use Adding password protection to your Indicator / Expert Advisor
1. Installation: Open the "File" menu, select "Open Data Folder," navigate to MQL/Experts, paste your file, and restart the terminal.
2. Activation: Drag the EA from the Navigator onto a chart, ensure "Allow live trading" is checked in the Common tab, and verify the AutoTrading button is green.
3. Optimization: Right-click your chart, choose "Expert List," click "Properties" to adjust inputs, and save your preferred setup as a set file for future use.
4. Maintenance: Regularly check the "Experts" tab in the terminal window to monitor trade logs and potential execution errors.
Frequently Asked Questions
Q: Why is my EA not opening trades? A: Check the "AutoTrading" button, ensure "Allow live trading" is enabled, and verify your broker allows automated trading on your account type.
Q: Can I run multiple EAs on one chart? A: No, each chart can only host one active EA; however, you can open multiple charts for different currency pairs to run several EAs.
Q: What does the "smiley face" icon mean? A: A smiley face in the top-right corner of the chart indicates the EA is successfully running; a frowny face means it is disabled.
Description & Settings
Several methods of protecting your code have been proposed over the past, but were either too simple (less secure), required re-compilation of your code for each new customer (ok if you only plan on having a dozen or so customers) or far too complicated involving a remote host to validate the client terminal.
Here I propose a simple password verification scheme which uses MT4's built in security engine providing DES/ECB encryption and does not require code re-compilation for each new customer.
Having worked on several high profile Canadian smart card initiatives, I became quite familiar with the various security schemes used by financial institutions and card issuers. The first question you have to ask yourself is "What's at risk?". A risk assessment is always done when starting a project with these guys. If the answer is "Millions and millions of dollars", then this security scheme is not for you.
If, on the other hand, your answer is "A month or two of coding if somebody spends about a year hacking my security scheme", then this solution is for you. The single DES key used in this encryption scheme will provide more than adequate security for your code and will not require code re-compilation for new clients.
I have provided two source files for your convenience. The first one "Password_Check" is what you will add to your indicator or expert advisor. It will verify the password entered by the user in the input parameter "Password" and if the password is incorrect (or if the user is offline) it will display a user friendly message, remove the expert (if that's what's running) and return a INIT_FAILED status.
The second file, "Password_Generate", is used to enter the client's name and account number you want to protect. It will display the password generated so you can provide this to your clients. Obviously, you don't want to include this code in your final product! :)
So let's get started...
First, we need to define an input string to your indicator or Expert Advisor:
Next, we add code in the init() function to check the password and display a message if the password is incorrect, if the user is offline or the user simply didn't enter a password.
Now come the meat... We need to encode the client name and account number with our DES key, encode the result into BASE64 and compare with the password entered. If the result matches, you have a happy customer. If they don't, you have a hacker trying to crack your DES key. Given that the expert advisor will unload itself each time a wrong password is entered, you'll probably have time to retire in Bora Bora before they succeed!
That's it! We can now validate the client name (as taken from MetaTrader 4's client account name) plus the client account number (also taken from MetaTrader 4).
If your licensing policy is to allow multiple accounts for a single client, then you only need to remove the account number from the 'client' string, as follows:
Of course you can do a mix and match with "Broker Name", "Account Name" and "Account Login" the way you see fit. Just remember that the longer the 'client' variable is, the longer the encrypted password will be.
Next, let's take a look at the "Password_Generate" code. What we want to do is the same as the "Password_Check" but instead of entering a password into the EA, we want to enter the client name (or combination of Broker Name, Account Name and Account Login you choose) to be encrypted and then display the generated password. This is what you'll give to your clients when they purchase your kick-ass indicator and/or Expert Advisor.
Again, in your init() function you'll add the following code.
Now we do a slight modification to our "Password_Check()" function to return a string of the encoded password. Remember to use the same password in BOTH the Password_Check() function and Password_Generate() function. You can image what will happen if you don't!
As stated before, this security scheme does not require you re-compile your code for each new customer or code a server side validation host while providing pretty good security for your hard work creating that kick-ass indicator / Expert Advisor of yours!
Cheers!
-Claude.
