473,396 Members | 1,997 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > security of c# dll

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Security of C# dll

Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott
Nov 17 '05 #1
6 4642
Homer,

You can decompile pretty much any dll that is not obfuscated. Since
..NET assemblies are IL instructions, it's easier to take those instructions
and determine what code was used to generate them (a good decompiler is
Reflector .NET by Lutz Roeder).

In order to protect against this, you want to use obfuscators. VS.NET
2005 will come with one by default (a third-party product named Dotfuscator,
and it is the community edition). Obfuscation is only as good as the
algorithm used. If the algorithm is weak, then some tools will be able to
get around it. Keep this in mind when choosing obfuscators (basically,
check to see if anyone figured out a way to decompile an assembly obfuscated
with that product).

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Homer Simpson" <homer@moe's.com> wrote in message
news:ea**************@TK2MSFTNGP14.phx.gbl...
Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott

Nov 17 '05 #2
Define what you mean by "secure".

There is secure in that no one can hack the code and cause malicious things
to happen, or secure in that your code cannot be decompiled, or secure in
that no one can inherit from your libraries (which can also be used for
malicious purposes), or secure in that different trust levels are assigned
based on where the code was invoked from.
"Homer Simpson" <homer@moe's.com> wrote in message
news:ea**************@TK2MSFTNGP14.phx.gbl...
Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott

Nov 17 '05 #3
The answer is ‘it depends’.

When C# and VB.NET code is compiled, it is compiled to MSIL (Microsoft
Intermediate Language), and during this process a large amount of metadata is
created which is easily readable and can be used for many things such as
reverse engineering and code interoperability.

Take a look at the .NET Reflector (http://www.aisto.com/roeder/dotnet/) to
get an idea of what can be done with this metadata.

In order to eliminate much of this useful information, you can obfuscate the
data with something like
Dotfuscator(http://www.preemptive.com/products/dotfuscator/) which renames
all of the names and other telling bits of data within the assembly so as to
make reverse engineering much more difficult.

Brendan
"Homer Simpson" wrote:
Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott

Nov 17 '05 #4
My original concern was just preventing my dlls from being decompiled... or
at least making the process as difficult as possible. I was just looking at
the Dotfuscator website and learning a little more about this. I'm looking
to protect my intellectual property and methodologies more than preventing
someone from maliciously using my code.

Thanks,
Scott
"Peter Rilling" <pe***@nospam.rilling.net> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Define what you mean by "secure".

There is secure in that no one can hack the code and cause malicious
things
to happen, or secure in that your code cannot be decompiled, or secure in
that no one can inherit from your libraries (which can also be used for
malicious purposes), or secure in that different trust levels are assigned
based on where the code was invoked from.
"Homer Simpson" <homer@moe's.com> wrote in message
news:ea**************@TK2MSFTNGP14.phx.gbl...
Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott


Nov 17 '05 #5
Homer Simpson <homer@moe's.com> wrote:
My original concern was just preventing my dlls from being decompiled... or
at least making the process as difficult as possible. I was just looking at
the Dotfuscator website and learning a little more about this. I'm looking
to protect my intellectual property and methodologies more than preventing
someone from maliciously using my code.


It might be worth taking a look at
<http://www.pobox.com/~skeet/csharp/obfuscation.html>.
Nov 17 '05 #6
coming soon...Goliath.NET the last secure Obfuscator for .net platform! try
to decompile ours simple example (exe or dll).

best regards,
Marcello Cantelmo
www.cantelmosoftware.com (at the moment only in Italian language)
"Homer Simpson" <homer@moe's.com> ha scritto nel messaggio
news:ea**************@TK2MSFTNGP14.phx.gbl...
Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott

Nov 17 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
row level security
by: robert | last post by:
well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. ...
DB2 Database
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
4
Error using WS-Security
by: Ashish | last post by:
Hi Guys I am getting the following error while implementing authentication using WS-security. "Microsoft.Web.Services2.Security.SecurityFault: The security token could not be authenticated...
C# / C Sharp
0
Error while executing .NET remoing security dlls
by: prithvi g via .NET 247 | last post by:
Hi I am a newbie to .NET remoting, I am trying to implementauthorization using SSPI example provided by Michael Barnett. Ihave included the required dll(Microsoft.Samples.Security.SSPI.dll...
C# / C Sharp
1
Design Issue: Separating Application Security Model from the Application (Custom or User) Controls
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
ASP.NET
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
0
Referenced security token could not be retrieved
by: Jay C. | last post by:
Jay 3 Jan. 11:38 Optionen anzeigen Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen Datum: 3 Jan...
.NET Framework
3
FxCop App Security
by: Velvet | last post by:
I ran FxCop on one of the components for my web site and the security rules what me to add " tags like the ones listed below: This breaks my ASP.NET application. So my question is,...
ASP.NET
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
2
Embedding Windows Form Control to ASP .NET Security Problem
by: Budhi Saputra Prasetya | last post by:
Hi, I managed to create a Windows Form Control and put it on my ASP .NET page. I have done the suggestion that is provided by modifying the security settings. From the stack trace, I would...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!