473,406 Members | 2,371 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > security and c# - how secure are c# applications (w.r.t ip) ?

Join Bytes to post your question to a community of 473,406 software developers and data experts.

Security and C# - how secure are C# applications (w.r.t IP) ?

We are currently developing a commercial application which we are
writing mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing
assembles and using role based security policies etc have limited
benefits if an end user can easily reverse engineer the binaries and
"side step" any implemented security policies.

I may be over emphasising the problem - but I'd like to know what
measures commercial vendors out there (that use C#), are employing to
ensure that their IP stays as safe as possible?

MTIA

Dec 15 '05 #1
5 1454
Reverse engineering only poses a threat to security if your security is
implemented on the client side. That's obviously a bad idea.

Even if you stick with C/C++, you'll only make reverse engineering
slightly harder, not impossible. Anyone with enough motivation will be
able to crack it anyway - just look at how the copy protection in video
games is cracked within hours of release. The real solution is to
implement your security measures on the server, where attackers won't
be able to read or alter the code.

Jesse

Dec 15 '05 #2
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA

Dec 15 '05 #3

"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA


A couple of great obfuscators I've seen are CodeVeil and XenoCode Protector.

See if that helps you. But, as one person already mentioned, resign
yourself now to some amount of hackery. Even if just to prove they can do
it.

Tom P.
Dec 15 '05 #4
With regards to reverse engineering, has anyone heard about a tool to reverse-engineer from C#
source code to UML?

Ivan

Marc Gravell wrote:
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA


Dec 16 '05 #5
Well, there's the class diagram tool built into Visual Studio 2005.

Jesse

Ivan wrote:
With regards to reverse engineering, has anyone heard about a tool to reverse-engineer from C#
source code to UML?

Ivan

Marc Gravell wrote:
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA



Dec 17 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
ASP Security
by: GingerNinja | last post by:
I am trying to prevent users from submitting HTML pages from their local machine to our website and I was wondering what the best way of doing this was. I was thinking about using the...
ASP / Active Server Pages
5
Security design questions
by: Wescotte | last post by:
I'm currently working on desiging several web based applications that would be grouped into a larger web based menu system. However I'm not sure exactly how to go about making it as secure as...
PHP
0
San Diego .NET User Group Nov 25th meeting, Michele Leroux Bustamente, .NET Reflection and Code Access Security
by: Brian Loesgen | last post by:
The next San Diego .Net User Group meeting is Tuesday, November 25, 2003 at the Scripps Ranch Library. Scripps Ranch Library 10301 Scripps Lake Drive San Diego, CA 92131-1026 Please join us...
.NET Framework
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
1
C Sharp and Security
by: Vivek | last post by:
Hi, Microsoft is really concerned with security the last 2 years. Just today I read one article about one more security lapse in the network run applications. I had been attending some of the...
C# / C Sharp
1
handling security in applications
by: Vivek Sharma | last post by:
Hi There, I have always wondered what sort of security is the best for a windows application. I am designing an application and I wish to understand whats best to implement. Is it role based...
C# / C Sharp
1
Webservices and "pass through" security
by: Tom | last post by:
Hi, I am currently on a project where one site needs to send the user credentials to another site, through web services. Scenario: * "User 1" will authenticate to "Site A" using NTLM ("Site...
ASP.NET
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
15
Security - PHP Vs Java
by: himilecyclist | last post by:
My State government organization has written a PHP/MySQL application which has been in production for about 6 months and has been highly successful. We are now embarking on a similar database...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!