473,721 Members | 2,413 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Securing a .NET application

Hi, what steps do i need to take to make our application as secure as
possible? At some point over the coming months it will be released to
the public and we want to make sure that our competitors cant get access
to our source code.

I know about creating strong key names, but that doesnt stop the IL code
being read. Obfuscation (sp?!) as i briefly understand can help to make
the IL unreadable for anyone who attempts it. But what else can be done?
And what obfuscation tools do you use?

Thanks,

Mark
Jan 31 '06 #1
3 1293
Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.

Jan 31 '06 #2
Chris S. wrote:
Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.


hmm, yeah, i guess we could precompile the .exe for the windows
platform. that would add an extra layer of protection wouldnt it?
Jan 31 '06 #3

"Mark Ingram" <no****@nowhere .com> wrote in message
news:%2******** ********@TK2MSF TNGP15.phx.gbl. ..
| Chris S. wrote:
| > Dotfuscator is the only one I've tried (as it comes with vs.net) but
| > seems to do the job. Are you storing passwords inside the source code?
| > Obfuscation is really the only protection you have against source code
| > theft with an interpreted byte-code language as far as I know. A native
| > image via NGEN may be one other option.
| >
|
| hmm, yeah, i guess we could precompile the .exe for the windows
| platform. that would add an extra layer of protection wouldnt it?

No it won't:
1. you have to ngen on the target platform,
2. you still need the original assembly, you can't run ngen'd images without
it.

Willy.


Jan 31 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
4760
by: David McNab | last post by:
Hi, I'm writing a web app framework which stores pickles in client cookies. The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try tampering with the cookie and malforming it in an attempt to get the server-side python code to run arbitrary code, or something similarly undesirable. To protect against this, I've subclassed pickle.Unpickler, and added
11
1897
by: Susan Bricker | last post by:
Greetings. I am looking for some advice on making a database secure. By secure, I mean that I want only certain people to have write access to the database and I want the updates to be permitted while other read-only users may be browsing and generating reports. I am working with MS/ACCESS 2000 and would like to split the database into a front-end and back-end and then put the back-end onto a shared drive that all of my group has access...
7
2211
by: Tom | last post by:
Can anyone give me any advice on how to secure a folder on a network server so that documents in the folder can only be opened through an Access database or by the database admin. I need to store MS Word docs in a folder on a network server. The database admin will save the docs to the folder. The docs must be available to Word automation out of a specific Access database and available to the database admin out of MS Word. Only users of...
11
3431
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice that made sense. One comment I've seen alot about is "securing the hashing routine" but no-one explains how to accomplish this. So how do I secure my hashing routine? Do I use code access security, role based security, ACLs, etc or combination?...
1
1283
by: ven | last post by:
hello i wanna ask for securing application dll in asp.net in framework 1.1 i have to use dotfuscator to simply and poor secure of my dll so it will be better compiler in framework 2.0 or some tools to secure dlls or i have to use poor dotfuscator ? PAT
9
1786
by: carriolan | last post by:
Hi Hi As daft as it may sound I have carried out the approach detailed by Keith Wilby on his site www.keithwilby.com/ down to and inclusive of import objects. I have established that: 1. IPGAdmin is now a member of the ‘Admins’ group and owns the database and imported objects. 2. Admin the old user does not own the objects or the database and does not have any permissions.
4
3909
by: Brad P | last post by:
I have a 2K database with a front end linked to a back end. I need to lock down or secure both ends so a user can not access the raw data in tables etc. I also need usernames and passwords for 50+ users. I've experimented with securing the database but can't get it the way I want it. I can still use the shift key to obtain access. Anyone have a link to a site or something to give me a guideline as to what I can do? Thanks
2
1580
Frinavale
by: Frinavale | last post by:
Hello everyone! I'm having a problem securing my connection string. There are a lot of sites out there that explain how to secure a connection string in the Web.config or App.config file; however, my connection string is being used within a Class Library (implemented with VB.NET), which doesn't have these files. This class library is used by a web application to do all of my database manipulation so it is run under the ASPNET account....
4
323
by: =?Utf-8?B?aGlsZXlq?= | last post by:
Hi, I'm developing a web service that needs to communicate with a custom application on an intranet. There is also a configuration utility which may be run on a different server machine for setting up and altering parameters on the service. This configuration web application may be browsed to via intranet or internet. This is the first work I've done with web services, so sorry for any incorrect terminology or nonsense statements.
10
3370
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1. Data encrypted by AES key 2. AES key encrypted with Asymmetric public key (?)
0
8851
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9373
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
9138
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8016
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5992
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4491
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4761
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3201
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2137
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.