By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,671 Members | 1,393 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,671 IT Pros & Developers. It's quick & easy.

How can i protect myself against decompilers

P: n/a
i saw something named obfuscator and its decompiling the source code
of my program which written in c# and my program includes mysql root
password inside of it
is there anyway to protect my program against this decompilers.
Thanks
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com
Nov 16 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Secrets should not be stored in code as string are always stored as a
sequence of bytes. You could encrypt it, but then where would you put the
decryption key so that your program can use it.

Why not put the password in a config file controlled by the user?

"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in message
news:42**********@127.0.0.1...
i saw something named obfuscator and its decompiling the source code
of my program which written in c# and my program includes mysql root
password inside of it
is there anyway to protect my program against this decompilers.
Thanks
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com

Nov 16 '05 #2

P: n/a
"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in
message news:42**********@127.0.0.1...
i saw something named obfuscator and its decompiling the source code
of my program which written in c# and my program includes mysql root
password inside of it
is there anyway to protect my program against this decompilers.
Thanks

Could you please content yourself with posting your
queries just once and under just one identity?
Repeated posting is rude, especially after people
have already answered your question.

--
--Larry Brasfield
email: do***********************@hotmail.com
Above views may belong only to me.
Nov 16 '05 #3

P: n/a
my code is like this how can i protect my password and this password
has to be included in my exe
is it possible to make it byte if it is how?
public bool sorgu(String u_name, String pw)
{
MyCmd = new OdbcCommand();
MyConn = new OdbcConnection("DRIVER={MySQL ODBC 3.51
Driver};" + "SERVER=212.98.232.34;" +
"DATABASE=account;" + "UID=root;" +
"PWD=12345;" + "Port=3306;" +
"Option=16384;" + "Stmt=;" +
"DSN=mysql_csystem;");
MyConn.Open();
MyCmd.Connection = MyConn;
StringBuilder SQL = new StringBuilder();
SQL.Append("SELECT ");
SQL.Append("username,rndpass ");
SQL.Append("FROM ");
SQL.Append("accounts ");
SQL.Append("where ");
SQL.Append("username ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(u_name);
SQL.Append("' ");
SQL.Append("and ");
SQL.Append("password ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(pw);
SQL.Append("'");
MyCmd.CommandText = SQL.ToString();
OdbcDataReader result =
MyCmd.ExecuteReader(CommandBehavior.CloseConnectio n);
int nResultCount = 0;
while (result.Read())
{
uouser = result.GetString(0);
uopass = result.GetString(1);
++nResultCount;
}
if (nResultCount != 0)
{
txt1.Text += "Kullanici Adi ve Sifre
Dogrulandi....\n\n";
return true;
}
else
{
return false;
}
}

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com
Nov 16 '05 #4

P: n/a
In short you cannot. You can make it more difficult by obfuscating the code
or doing a base64 encoding. Or even encrypting the string, but then you
have to store the decryption key somewhere and you might be back to square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new byte[]
{40, 41, 42, 43}" where you initialize the array with the character codes
for the password, but that is really not much more protective then plain
text.

As long as the password is in the program, if someone wanted access, then
could easily backtrack from the point of creating the SqlConnection object
to where the connection string was created. Anything you do would be like
locking your house, but putting the key under the doormat.

"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in message
news:42**********@127.0.0.1...
my code is like this how can i protect my password and this password
has to be included in my exe
is it possible to make it byte if it is how?
public bool sorgu(String u_name, String pw)
{
MyCmd = new OdbcCommand();
MyConn = new OdbcConnection("DRIVER={MySQL ODBC 3.51
Driver};" + "SERVER=212.98.232.34;" +
"DATABASE=account;" + "UID=root;" +
"PWD=12345;" + "Port=3306;" +
"Option=16384;" + "Stmt=;" +
"DSN=mysql_csystem;");
MyConn.Open();
MyCmd.Connection = MyConn;
StringBuilder SQL = new StringBuilder();
SQL.Append("SELECT ");
SQL.Append("username,rndpass ");
SQL.Append("FROM ");
SQL.Append("accounts ");
SQL.Append("where ");
SQL.Append("username ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(u_name);
SQL.Append("' ");
SQL.Append("and ");
SQL.Append("password ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(pw);
SQL.Append("'");
MyCmd.CommandText = SQL.ToString();
OdbcDataReader result =
MyCmd.ExecuteReader(CommandBehavior.CloseConnectio n);
int nResultCount = 0;
while (result.Read())
{
uouser = result.GetString(0);
uopass = result.GetString(1);
++nResultCount;
}
if (nResultCount != 0)
{
txt1.Text += "Kullanici Adi ve Sifre
Dogrulandi....\n\n";
return true;
}
else
{
return false;
}
}

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com

Nov 16 '05 #5

P: n/a
> Peter Rillingwrote:
In short you cannot. You can make it more difficult by obfuscating
the code
or doing a base64 encoding. Or even encrypting the string, but then you have to store the decryption key somewhere and you might be back to square one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new byte[] {40, 41, 42, 43}" where you initialize the array with the character codes for the password, but that is really not much more protective then plain text.

As long as the password is in the program, if someone wanted access, then could easily backtrack from the point of creating the SqlConnection object to where the connection string was created. Anything you do would be like locking your house, but putting the key under the doormat.


So what can i do for prevent people to see my password
and this program has to connect to mysql with root access
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com
Nov 16 '05 #6

P: n/a
Correct. You should really re-engineer the whole system so that the
password does not have to be stored in the executable. Not only is that
safer, but it makes it easier to change the password later. And, let's be
honest, any system that uses passwords but does not make it easy to change
the password is not a very good system.

"Peter Rilling" <pe***@nospam.rilling.net> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
In short you cannot. You can make it more difficult by obfuscating the
code
or doing a base64 encoding. Or even encrypting the string, but then you
have to store the decryption key somewhere and you might be back to square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new
byte[]
{40, 41, 42, 43}" where you initialize the array with the character codes
for the password, but that is really not much more protective then plain
text.

As long as the password is in the program, if someone wanted access, then
could easily backtrack from the point of creating the SqlConnection object
to where the connection string was created. Anything you do would be like
locking your house, but putting the key under the doormat.

"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in message
news:42**********@127.0.0.1...
my code is like this how can i protect my password and this password
has to be included in my exe
is it possible to make it byte if it is how?
public bool sorgu(String u_name, String pw)
{
MyCmd = new OdbcCommand();
MyConn = new OdbcConnection("DRIVER={MySQL ODBC 3.51
Driver};" + "SERVER=212.98.232.34;" +
"DATABASE=account;" + "UID=root;" +
"PWD=12345;" + "Port=3306;" +
"Option=16384;" + "Stmt=;" +
"DSN=mysql_csystem;");
MyConn.Open();
MyCmd.Connection = MyConn;
StringBuilder SQL = new StringBuilder();
SQL.Append("SELECT ");
SQL.Append("username,rndpass ");
SQL.Append("FROM ");
SQL.Append("accounts ");
SQL.Append("where ");
SQL.Append("username ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(u_name);
SQL.Append("' ");
SQL.Append("and ");
SQL.Append("password ");
SQL.Append("=");
SQL.Append("'");
SQL.Append(pw);
SQL.Append("'");
MyCmd.CommandText = SQL.ToString();
OdbcDataReader result =
MyCmd.ExecuteReader(CommandBehavior.CloseConnectio n);
int nResultCount = 0;
while (result.Read())
{
uouser = result.GetString(0);
uopass = result.GetString(1);
++nResultCount;
}
if (nResultCount != 0)
{
txt1.Text += "Kullanici Adi ve Sifre
Dogrulandi....\n\n";
return true;
}
else
{
return false;
}
}

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com


Nov 16 '05 #7

P: n/a
Check out the Trojan website, they have a rather extensive line of
protection utlities.

"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in message
news:42**********@127.0.0.1...
Peter Rillingwrote:

In short you cannot. You can make it more difficult by obfuscating
the code
or doing a base64 encoding. Or even encrypting the string, but then

you
have to store the decryption key somewhere and you might be back to

square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like

"new byte[]
{40, 41, 42, 43}" where you initialize the array with the character

codes
for the password, but that is really not much more protective then

plain
text.

As long as the password is in the program, if someone wanted access,

then
could easily backtrack from the point of creating the SqlConnection

object
to where the connection string was created. Anything you do would

be like
locking your house, but putting the key under the doormat.


So what can i do for prevent people to see my password
and this program has to connect to mysql with root access
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com

Nov 16 '05 #8

P: n/a
> gerrywrote:
Check out the Trojan website, they have a rather extensive line of
protection utlities.


Can you give me the adress please
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com
Nov 16 '05 #9

P: n/a
http://www.trojancondoms.com/product_info/index.asp

"Dakkar" <da****@sylveria.gen-dot-tr.no-spam.invalid> wrote in message
news:42**********@127.0.0.1...
gerrywrote:

Check out the Trojan website, they have a rather extensive line of
protection utlities.


Can you give me the adress please
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
http://www.usenet.com

Nov 16 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.