473,320 Members | 1,870 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Securing a .NET application

Hi, what steps do i need to take to make our application as secure as
possible? At some point over the coming months it will be released to
the public and we want to make sure that our competitors cant get access
to our source code.

I know about creating strong key names, but that doesnt stop the IL code
being read. Obfuscation (sp?!) as i briefly understand can help to make
the IL unreadable for anyone who attempts it. But what else can be done?
And what obfuscation tools do you use?

Thanks,

Mark
Jan 31 '06 #1
3 1279
Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.

Jan 31 '06 #2
Chris S. wrote:
Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.


hmm, yeah, i guess we could precompile the .exe for the windows
platform. that would add an extra layer of protection wouldnt it?
Jan 31 '06 #3

"Mark Ingram" <no****@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
| Chris S. wrote:
| > Dotfuscator is the only one I've tried (as it comes with vs.net) but
| > seems to do the job. Are you storing passwords inside the source code?
| > Obfuscation is really the only protection you have against source code
| > theft with an interpreted byte-code language as far as I know. A native
| > image via NGEN may be one other option.
| >
|
| hmm, yeah, i guess we could precompile the .exe for the windows
| platform. that would add an extra layer of protection wouldnt it?

No it won't:
1. you have to ngen on the target platform,
2. you still need the original assembly, you can't run ngen'd images without
it.

Willy.


Jan 31 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
by: David McNab | last post by:
Hi, I'm writing a web app framework which stores pickles in client cookies. The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try tampering with the cookie and malforming...
11
by: Susan Bricker | last post by:
Greetings. I am looking for some advice on making a database secure. By secure, I mean that I want only certain people to have write access to the database and I want the updates to be permitted...
7
by: Tom | last post by:
Can anyone give me any advice on how to secure a folder on a network server so that documents in the folder can only be opened through an Access database or by the database admin. I need to store...
11
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
1
by: ven | last post by:
hello i wanna ask for securing application dll in asp.net in framework 1.1 i have to use dotfuscator to simply and poor secure of my dll so it will be better compiler in framework 2.0 or some...
9
by: carriolan | last post by:
Hi Hi As daft as it may sound I have carried out the approach detailed by Keith Wilby on his site www.keithwilby.com/ down to and inclusive of import objects. I have established that: 1....
4
by: Brad P | last post by:
I have a 2K database with a front end linked to a back end. I need to lock down or secure both ends so a user can not access the raw data in tables etc. I also need usernames and passwords for 50+...
2
Frinavale
by: Frinavale | last post by:
Hello everyone! I'm having a problem securing my connection string. There are a lot of sites out there that explain how to secure a connection string in the Web.config or App.config file;...
4
by: =?Utf-8?B?aGlsZXlq?= | last post by:
Hi, I'm developing a web service that needs to communicate with a custom application on an intranet. There is also a configuration utility which may be run on a different server machine for...
10
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.