471,350 Members | 1,813 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,350 software developers and data experts.

Security and C# - how secure are C# applications (w.r.t IP) ?

We are currently developing a commercial application which we are
writing mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing
assembles and using role based security policies etc have limited
benefits if an end user can easily reverse engineer the binaries and
"side step" any implemented security policies.

I may be over emphasising the problem - but I'd like to know what
measures commercial vendors out there (that use C#), are employing to
ensure that their IP stays as safe as possible?

MTIA

Dec 15 '05 #1
5 1326
Reverse engineering only poses a threat to security if your security is
implemented on the client side. That's obviously a bad idea.

Even if you stick with C/C++, you'll only make reverse engineering
slightly harder, not impossible. Anyone with enough motivation will be
able to crack it anyway - just look at how the copy protection in video
games is cracked within hours of release. The real solution is to
implement your security measures on the server, where attackers won't
be able to read or alter the code.

Jesse

Dec 15 '05 #2
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA

Dec 15 '05 #3

"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA


A couple of great obfuscators I've seen are CodeVeil and XenoCode Protector.

See if that helps you. But, as one person already mentioned, resign
yourself now to some amount of hackery. Even if just to prove they can do
it.

Tom P.
Dec 15 '05 #4
With regards to reverse engineering, has anyone heard about a tool to reverse-engineer from C#
source code to UML?

Ivan

Marc Gravell wrote:
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA


Dec 16 '05 #5
Well, there's the class diagram tool built into Visual Studio 2005.

Jesse

Ivan wrote:
With regards to reverse engineering, has anyone heard about a tool to reverse-engineer from C#
source code to UML?

Ivan

Marc Gravell wrote:
With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
"Susan Baker" <sb****@no.spam.net> wrote in message
news:dn**********@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA



Dec 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by GingerNinja | last post: by
5 posts views Thread by Wescotte | last post: by
116 posts views Thread by Mike MacSween | last post: by
1 post views Thread by Vivek | last post: by
1 post views Thread by Vivek Sharma | last post: by
1 post views Thread by Tom | last post: by
7 posts views Thread by Magdelin | last post: by
1 post views Thread by Jeremy S. | last post: by
15 posts views Thread by himilecyclist | last post: by
reply views Thread by XIAOLAOHU | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.