Protecting Assemblies

Anthony Bouch - 16 May 2006 21:52 GMT
I'm building an n-tier application with data access, application and UI
layers in separate projects and hence separate assemblies.
MyProjectUI.dll
MyProjectApp.dll
MyProjectDataAccess.dll

etc...

The application will eventually be publicly available for download and
installed on end-users' machines.

How can I protect my middle tier and DAL assemblies from unauthorised access
so that a 'clever' user cannot add a reference to one of my separate
assemblies and start calling its public members. Marking members as
Internal only works for classes that are 'inside' the same assembly.

Any tips or suggestions would be greatly appreciated.
Barry Kelly - 16 May 2006 22:07 GMT
You've crossposted!

> I'm building an n-tier application with data access, application and UI
> The application will eventually be publicly available for download and
[quoted text clipped - 4 lines]
> assemblies and start calling its public members. Marking members as
> Internal only works for classes that are 'inside' the same assembly.

Fundamentally, you can't trust anything running on a client machine.
Normally, a middle tier runs on a remote machine (i.e. a middle tier
machine between the client and the database) for just this reason.

So, the "correct" answer is not to install the DAL assembly with the
client at all, and communicate via some mechanism (such as .NET remoting
or web services) with your middle tier.

-- Barry
Gaurav Vaish (EduJini.IN) - 17 May 2006 05:13 GMT
You may add the constraints on the calling assembly.

Assembly.GetCallingAssembly()

And then verify the assembly. Verify against all the parameters - name,
version, culture and public key token.

Although you cannot trust the other party, you can definitely verify the
other party.

You may also want to do some tricks:

In the calling assembly, put some embedded resources, say public key or a
bitmap or a secret-key (though nothing is secret because of decompilers).
From the DAL assembly, verify that the resources exist untampered.

If you are using .Net 2.0, check out the topic of "Friend Assemblies".

Signature

Happy Hacking,
Gaurav Vaish
http://www.mastergaurav.org
http://www.edujini.in
-------------------

> I'm building an n-tier application with data access, application and UI
> layers in separate projects and hence separate assemblies.
[quoted text clipped - 13 lines]
>
> Any tips or suggestions would be greatly appreciated.
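
The calling-assembly check suggested in the reply above, sketched in C# as an added example (not code posted by anyone in the thread). The class names `CallerGuard` and `CustomerData`, the expected version, and the public key token bytes are hypothetical placeholders; only `MyProjectApp` and `MyProjectDataAccess` come from the original question.

```csharp
using System;
using System.Globalization;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security;

namespace MyProjectDataAccess
{
    // Added example. Expected values are placeholders, not from the thread.
    internal static class CallerGuard
    {
        private const string ExpectedName = "MyProjectApp";
        private static readonly Version ExpectedVersion = new Version(1, 0, 0, 0);
        // Placeholder token; print the real one with: sn -T MyProjectApp.dll
        private static readonly byte[] ExpectedToken =
            { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };

        internal static void Demand(Assembly caller)
        {
            AssemblyName name = caller.GetName();
            if (!Matches(name))
                throw new SecurityException("Caller not authorised: " + name.FullName);
        }
        internal static bool Matches(AssemblyName name)
        {
            byte[] token = name.GetPublicKeyToken();
            // Unsigned assemblies have a null or empty token: reject them.
            if (token == null || token.Length != ExpectedToken.Length) return false;
            for (int i = 0; i < token.Length; i++)
                if (token[i] != ExpectedToken[i]) return false;
            CultureInfo culture = name.CultureInfo;
            bool neutral = culture == null || culture.Equals(CultureInfo.InvariantCulture);
            return name.Name == ExpectedName
                && ExpectedVersion.Equals(name.Version)
                && neutral;
        }
    }

    public class CustomerData // hypothetical DAL class
    {
        // NoInlining: JIT inlining can change what GetCallingAssembly() reports.
        [MethodImpl(MethodImplOptions.NoInlining)]
        public int CountCustomers()
        {
            CallerGuard.Demand(Assembly.GetCallingAssembly());
            return 0; // real data access would go here
        }
    }
}
```

`Assembly.GetCallingAssembly()` has to be called in the public method itself; calling it inside `CallerGuard` would report the DAL assembly as its own caller. As both replies in the thread point out, the check runs on the end user's machine, so it complements rather than replaces keeping the middle tier on a server.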
Anthony Bouch - 17 May 2006 15:14 GMT
Thanks Gaurav. Interesting and helpful.

> You may add the constraints on the calling assembly.
>
[quoted text clipped - 32 lines]
>>
>> Any tips or suggestions would be greatly appreciated.
Gaurav Vaish (EduJini.IN) - 17 May 2006 19:30 GMT
> Thanks Gaurav. Interesting and helpful.

If you are looking for any professional help in anti-piracy or protecting
your code, be sure to contact us.
You can either mail me at gvaish[at]edujini[dot]in or directly to
info[at]edujini[dot]in
It's a small company... about 10 dedicated guys :)

The website, although it does not speak of this in depth, is in the signature.
And don't miss out the "Expertise" section :-)

Signature

Happy Hacking,
Gaurav Vaish
http://www.mastergaurav.org
http://www.edujini.in
-------------------

