473,507 Members | 2,395 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How secure is our source code?

Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards
Nov 20 '05 #1
7 1467
By Safe, what do you mean? through reflection, the contents of code can be
easily examined unless it's obscured. In that sense, it's not safe at all.
However, you can define security policy for instance and exert tremendous
amount of control over how your app runs, where it runs etc. Since .NET is
in a managed environment, there are all sorts of other things that make it
more secure...no more buffer overflows for instance.

Lax coding practices make code insecure, not .NET. You can write insecure
code with any language and people do. If you understand how the framework
works, you can take measures to protect from whatever threats you perceive
to be there.

HTH,

Bill
"John" <jo**@nospam.infovis.co.uk> wrote in message
news:Ov**************@TK2MSFTNGP10.phx.gbl...
Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards

Nov 20 '05 #2
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?


He's generally referring to the inherent nature of IL-based languages to be
turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
..Net already.
Nov 20 '05 #3
On 2003-11-02, Tom Leylan <ge*@iamtiredofspam.com> wrote:
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?


He's generally referring to the inherent nature of IL-based languages to be
turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
.Net already.


Dotfuscator community edition ships with VS.NET 2003... They also have
a full blown commercial product and there are a couple of other
commercial obfuscators - like the one from Remotesoft, Salamander .NET
Obfuscator...

--
Tom Shelton
MVP [Visual Basic]
Nov 20 '05 #4
Yep, I was just trying to make a point that 'secure' code has many different
facets to it. As for obfuscators... we just got Salamander and it's pretty
darned cool.
"Tom Leylan" <ge*@iamtiredofspam.com> wrote in message
news:qO*******************@twister.nyc.rr.com...
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?
He's generally referring to the inherent nature of IL-based languages to

be turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
.Net already.

Nov 20 '05 #5
On 2003-11-02, William Ryan <do********@nospam.comcast.net> wrote:
Yep, I was just trying to make a point that 'secure' code has many different
facets to it. As for obfuscators... we just got Salamander and it's pretty
darned cool.


Do they have an evalution version yet? I've sorely wanted to try that
one out. If it lives up to it's promises I think it would be something
that my company would be interested in - but I am sure they would want
to play with it a little before taking the plunge. As it is, if we buy
one it will be the full Dotfuscator - simply because the free version
ships with VS.NET.

--
Tom Shelton
MVP [Visual Basic]
Nov 20 '05 #6
Sorry to butt in guys - nothing to do with Salamanders or anything.

Hi Bill,

I saw your post and sent off a reply but I'm having problems with that
group - posts don't appear and so I repost and they still don't appear. I sent
several copies of a message to Steve and none have appeared in my OE (nor his
reply) but have on Google. I don't know if you can see my reply to you and
another (plus a re-post) to Scorpion. That's one hell of a twilight zone over
there.

Regards,
Fergus
Nov 20 '05 #7
Hi John,

Microsoft is using Dotfuscator Professional Edition to protect the
..NET apps they want to protect against reverse engineering. A lite
version of Dotfuscator is included in VS.NET and PreEmptive is working
closely with Microsoft to set new standards in .NET obfuscation.

For more information see:

http://preemptive.com/dotfuscator/

Best Regards,
The Dotfuscator Team

"John" <jo**@nospam.infovis.co.uk> wrote in message news:<Ov**************@TK2MSFTNGP10.phx.gbl>...
Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards

Nov 20 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
2069
Secure Python code - volunteers for code review?
by: andrew blah | last post by:
Hello I have recently released catchmail - a free (BSD license) open source Python utility www.users.bigpond.net.au/mysite/catchmail.htm This script processes in and outbound emails and stores...
Python
6
4797
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
.NET Framework
2
1514
How secure is my application???
by: Jason Smith | last post by:
I have recently designed an application in Ms Access with the folllowing security: 1) Database is split into a front-end / backend with linked tables 2) All modules are password protected 3)...
Microsoft Access / VBA
2
1469
Reflector how can you secure your effort?
by: kids_pro | last post by:
With the reflector tool .exe, .dll can be decompile? how can we secure our work?
C# / C Sharp
7
1972
Non secure items on SSL in asp.net
by: Brian Henry | last post by:
I created a project and it looks like everything is loading under HTTPS on all the pages perfectly except one page that it loads saying that the page contains both secure and non secure items......
ASP.NET
14
4582
How to secure the Dotnet code
by: Usman | last post by:
Hi I'm working on an application that contains classes for licensing, authentication etc, including all the algorithms of encryption/decryption etc. I wanted to secure this code, but after...
.NET Framework
40
2762
secure integer library
by: Robert Seacord | last post by:
The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at:...
C / C++
5
3672
is PHP less secure than Perl, Python, or Ruby?
by: walterbyrd | last post by:
I honestly don't know. But, I have seen articles and posts about how PHP is terribly insecure. I don't usually see comparisons to other common web languages. I think the big vulnerablity is...
PHP
5
4421
How to Secure ASP Code?
by: Billy | last post by:
I have a site designed with ASP 3.0 code (HTML and vbscript) that I want to protect from being visible. I want this code to be non-visible and hack-proof. Is there a way to either encrypt or...
ASP / Active Server Pages
0
7223
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
1
7031
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
5623
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
5042
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4702
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3191
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3179
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1542
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
412
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us