By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,652 Members | 1,422 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,652 IT Pros & Developers. It's quick & easy.

How secure is our source code?

P: n/a
Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards
Nov 20 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
By Safe, what do you mean? through reflection, the contents of code can be
easily examined unless it's obscured. In that sense, it's not safe at all.
However, you can define security policy for instance and exert tremendous
amount of control over how your app runs, where it runs etc. Since .NET is
in a managed environment, there are all sorts of other things that make it
more secure...no more buffer overflows for instance.

Lax coding practices make code insecure, not .NET. You can write insecure
code with any language and people do. If you understand how the framework
works, you can take measures to protect from whatever threats you perceive
to be there.

HTH,

Bill
"John" <jo**@nospam.infovis.co.uk> wrote in message
news:Ov**************@TK2MSFTNGP10.phx.gbl...
Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards

Nov 20 '05 #2

P: n/a
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?


He's generally referring to the inherent nature of IL-based languages to be
turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
..Net already.
Nov 20 '05 #3

P: n/a
On 2003-11-02, Tom Leylan <ge*@iamtiredofspam.com> wrote:
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?


He's generally referring to the inherent nature of IL-based languages to be
turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
.Net already.


Dotfuscator community edition ships with VS.NET 2003... They also have
a full blown commercial product and there are a couple of other
commercial obfuscators - like the one from Remotesoft, Salamander .NET
Obfuscator...

--
Tom Shelton
MVP [Visual Basic]
Nov 20 '05 #4

P: n/a
Yep, I was just trying to make a point that 'secure' code has many different
facets to it. As for obfuscators... we just got Salamander and it's pretty
darned cool.
"Tom Leylan" <ge*@iamtiredofspam.com> wrote in message
news:qO*******************@twister.nyc.rr.com...
"William Ryan" <do********@nospam.comcast.net> wrote...
By Safe, what do you mean?
He's generally referring to the inherent nature of IL-based languages to

be turned back into source. The exact same issues were brought up when Java
was released. Code obfuscators were devised, there are probably some for
.Net already.

Nov 20 '05 #5

P: n/a
On 2003-11-02, William Ryan <do********@nospam.comcast.net> wrote:
Yep, I was just trying to make a point that 'secure' code has many different
facets to it. As for obfuscators... we just got Salamander and it's pretty
darned cool.


Do they have an evalution version yet? I've sorely wanted to try that
one out. If it lives up to it's promises I think it would be something
that my company would be interested in - but I am sure they would want
to play with it a little before taking the plunge. As it is, if we buy
one it will be the full Dotfuscator - simply because the free version
ships with VS.NET.

--
Tom Shelton
MVP [Visual Basic]
Nov 20 '05 #6

P: n/a
Sorry to butt in guys - nothing to do with Salamanders or anything.

Hi Bill,

I saw your post and sent off a reply but I'm having problems with that
group - posts don't appear and so I repost and they still don't appear. I sent
several copies of a message to Steve and none have appeared in my OE (nor his
reply) but have on Google. I don't know if you can see my reply to you and
another (plus a re-post) to Scorpion. That's one hell of a twilight zone over
there.

Regards,
Fergus
Nov 20 '05 #7

P: n/a
Hi John,

Microsoft is using Dotfuscator Professional Edition to protect the
..NET apps they want to protect against reverse engineering. A lite
version of Dotfuscator is included in VS.NET and PreEmptive is working
closely with Microsoft to set new standards in .NET obfuscation.

For more information see:

http://preemptive.com/dotfuscator/

Best Regards,
The Dotfuscator Team

"John" <jo**@nospam.infovis.co.uk> wrote in message news:<Ov**************@TK2MSFTNGP10.phx.gbl>...
Hi

With the availability of tools like this;

http://www.remotesoft.com/salamander/

1. How safe is the source of .net apps?

2. Is MS using .net to write any of their apps? If so, presumably anyone
would be able to decompile them into equivalent source?!

Regards

Nov 20 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.