
.NET Forum / .NET Framework / New Users / April 2006


Assembly security

Jaisabari - 14 Feb 2006 04:58 GMT
Are DLLs or assemblies written in C# or VB.NET secure?
There are tools on the market which show the source code of a DLL
using disassemblers.

Any workaround or solutions to protect the .NET assemblies?

Regards
Jaisabari

Richard Grimes [MVP] - 14 Feb 2006 10:26 GMT
> Are DLLs or assemblies written in C# or VB.NET secure?
> There are tools on the market which show the source code of a DLL
> using disassemblers.

Yup.

IL is quite easy to understand, and it's easy to convert it to high
level languages like C# and VB.NET. There are obfuscators available, but
they just make the process a little harder; anyone who is determined to
extract your secret algorithm will be able to do it. (And it is the
*determined* crackers you should be worried about, not the casual
snoopers who are targeted by the obfuscation vendors.)

This might be seen as a weakness of IL, but in fact it is a secure
feature of IL. The fact that it is possible for a machine to analyse the
IL and determine what it will do means that the JIT compiler can verify
that the IL will not do something nasty. This protects you from
executing .NET malware downloaded from the internet. The only downside,
as you note, is that you cannot make your algorithms secret.

> Any workaround or solutions to protect the .NET assemblies?

The only way to prevent someone from getting access to the IL in your
assembly (and using something like Reflector to get the C# or VB.NET
source) is to host your code on your own machine as a web service or
through .NET remoting.

Richard

Free .NET tutorials,
Fusion: http://www.grimes.demon.co.uk/workshops/fusionWS.htm
Security: http://www.grimes.demon.co.uk/workshops/securityWS.htm 

Jaisabari - 15 Feb 2006 07:50 GMT
Thanks Richard, for the detailed and clear information.

But in our case, our DLL will be shipped on the CD and will get
installed on the client system.

Anyway, we will rework the architecture part again, to give the best to
our company.


Regards
Jaisabari

> > Are DLLs or assemblies written in C# or VB.NET secure?
> > There are tools on the market which show the source code of a DLL
[quoted text clipped - 24 lines]
>
> Richard
Prakash - 07 Mar 2006 21:19 GMT
Try these,

http://www.preemptive.com/

http://www.desaware.com/products/books/net/obfuscating/index.aspx

http://www.desaware.com/products/licensingsystem/index.aspx


Prakash

> Thanks Richard,for the detailed and clear information.
>
[quoted text clipped - 32 lines]
> >
> > Richard
Richard Grimes [MVP] - 03 Apr 2006 17:30 GMT
> Try these,
>
[quoted text clipped - 3 lines]
>
> http://www.desaware.com/products/licensingsystem/index.aspx

Hmmm, there was an article on the desaware site years ago about
obfuscation (available for free), and it gave C++ code to 'obfuscate'
code. All it did was change the names of private members stored in the
metadata string table. This was a very simple technique and next to
useless in preventing a cracker. More concerning was that the C++
'coder' used the COM metadata interfaces but clearly did not understand
COM because the 'coder' did not release a single interface reference
count. Sloppy code like that never inspires confidence.

Richard

Free .NET tutorials,
Fusion: http://www.grimes.demon.co.uk/workshops/fusionWS.htm
Security: http://www.grimes.demon.co.uk/workshops/securityWS.htm 
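
An added example, not part of the original thread or any poster's code: a small C# audit that uses System.Reflection to list what a shipped assembly exposes about its own private members, which is the point made in the replies about readable IL and about renaming private names. The `LicenseCheck` class and its members are constructed for illustration; renaming them would change only the printed name strings, while the IL byte counts and the constant value would be reported exactly as before.

```csharp
using System;
using System.Reflection;

// Constructed stand-in for a "secret" algorithm shipped in a client-side DLL.
internal sealed class LicenseCheck
{
    private const int Seed = 0x5A17;
    private static int Mix(int value) { return (value * 31) ^ Seed; }
    private bool IsValid(int key) { return Mix(key) % 7 == 0; }
}

public static class MetadataAudit
{
    // Lists every member declared on a type, private ones included,
    // with the size of each method's IL body and any embedded constants.
    public static void Dump(Type type)
    {
        const BindingFlags all = BindingFlags.Public | BindingFlags.NonPublic |
                                 BindingFlags.Instance | BindingFlags.Static |
                                 BindingFlags.DeclaredOnly;

        foreach (MethodInfo method in type.GetMethods(all))
        {
            MethodBody body = method.GetMethodBody();   // null for abstract/extern methods
            byte[] il = body == null ? new byte[0] : body.GetILAsByteArray();
            Console.WriteLine("{0}.{1}: {2} bytes of IL, {3} locals",
                type.FullName, method.Name, il.Length,
                body == null ? 0 : body.LocalVariables.Count);
        }

        foreach (FieldInfo field in type.GetFields(all))
        {
            if (field.IsLiteral)                        // compile-time constants live in metadata
                Console.WriteLine("  const {0} = {1}", field.Name, field.GetRawConstantValue());
        }
    }

    public static void Main()
    {
        // Inspect the assembly this code was compiled into.
        foreach (Type type in Assembly.GetExecutingAssembly().GetTypes())
            Dump(type);
    }
}
```

Running the same audit against a release build before shipping shows which names, constants and method bodies travel with the DLL, and therefore which logic would have to move behind a web service or remoting boundary to stay private.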
