Security "string" encrypt
-
I have a probleme with c# i can't built anithing i can't hack easy. evenobfuscate(not pro) will leave the string readable. i have so hacked (not destruct just for learn security) a lot of c# app they all have thousand way to have fun with. how to well protect a string?? i tried encrypt it but i'm confused with that since all the crypt function look like. Decrypt("xxxvmmiti=","MyKeyHERE"); hacker are still able to read the key and its not encrypted so they can use the function + key for decrypt data??? some peaple tell put the key in app.config but that file is even readable in notepad so i don't see any corect way to protect string. i do something wrong? so i was thinking call the key from an unmanaged key.dll writed with c++. is c++ easy to hack? if yes tell me what tool haker use so i can chek. rigth now i'm thinking use an other langage on sensible part what langage can't be hacked that easy?
-
I have a probleme with c# i can't built anithing i can't hack easy. evenobfuscate(not pro) will leave the string readable. i have so hacked (not destruct just for learn security) a lot of c# app they all have thousand way to have fun with. how to well protect a string?? i tried encrypt it but i'm confused with that since all the crypt function look like. Decrypt("xxxvmmiti=","MyKeyHERE"); hacker are still able to read the key and its not encrypted so they can use the function + key for decrypt data??? some peaple tell put the key in app.config but that file is even readable in notepad so i don't see any corect way to protect string. i do something wrong? so i was thinking call the key from an unmanaged key.dll writed with c++. is c++ easy to hack? if yes tell me what tool haker use so i can chek. rigth now i'm thinking use an other langage on sensible part what langage can't be hacked that easy?
I think your a bit paranoid. Are you still concerned about people knowing you IP address? How do you think the internet works? Do you know how you got onto this site? you did it by specifying (one way or another) the IP address where the website is hosted. If these kind of things where not publicly available how would you expect people to connect to websites? Telling somebody your IP address is not going to make a difference if some 'HACKER' wants to try and attack your server. You can't write a client application that connects to a server that the client application can not find.
Life goes very fast. Tomorrow, today is already yesterday.
-
I think your a bit paranoid. Are you still concerned about people knowing you IP address? How do you think the internet works? Do you know how you got onto this site? you did it by specifying (one way or another) the IP address where the website is hosted. If these kind of things where not publicly available how would you expect people to connect to websites? Telling somebody your IP address is not going to make a difference if some 'HACKER' wants to try and attack your server. You can't write a client application that connects to a server that the client application can not find.
Life goes very fast. Tomorrow, today is already yesterday.
i have to deal with other programmer/haker thats not public engine and first thing they do is try to get the code and copy it for ameliorated theyr own code nothing paranoid here . i know if i leave a string like webrequest (/http://mysite/some.php) or some database code the tomorow i have no more database ;) . and time my app will not resist 30 minute front of a haker i will not be happy of it^^^. you should know that til you programme have some interest coder will read the code .
-
i have to deal with other programmer/haker thats not public engine and first thing they do is try to get the code and copy it for ameliorated theyr own code nothing paranoid here . i know if i leave a string like webrequest (/http://mysite/some.php) or some database code the tomorow i have no more database ;) . and time my app will not resist 30 minute front of a haker i will not be happy of it^^^. you should know that til you programme have some interest coder will read the code .
I think you need to spend more effort on secure coding practices and server security than on securing the code itself.
Dave
BTW, in software, hope and pray is not a viable strategy. (Luc Pattyn)
Visual Basic is not used by normal people so we're not covering it here. (Uncyclopedia)
Why are you using VB6? Do you hate yourself? (Christian Graus) -
I think you need to spend more effort on secure coding practices and server security than on securing the code itself.
Dave
BTW, in software, hope and pray is not a viable strategy. (Luc Pattyn)
Visual Basic is not used by normal people so we're not covering it here. (Uncyclopedia)
Why are you using VB6? Do you hate yourself? (Christian Graus)yes i do some protecting my server and learn again cuz without being paranoid i think all society around the word have to be concerned by security. then what i realy dont like in c# is the way you read easy link. and how its hard to comunicate with a sql without being haked. using odcb well that just like you email your pass/login database to the haker using a php file you got some sort of RecordUser.php?login=toto&pass=1234. that just not acceptable to me to have such string readable in the code. why i go back my question is theyr a way to protect c# string or i go for python?^^
-
i have to deal with other programmer/haker thats not public engine and first thing they do is try to get the code and copy it for ameliorated theyr own code nothing paranoid here . i know if i leave a string like webrequest (/http://mysite/some.php) or some database code the tomorow i have no more database ;) . and time my app will not resist 30 minute front of a haker i will not be happy of it^^^. you should know that til you programme have some interest coder will read the code .
then pay for some good application security like this[^] Like I said yesterday when you mentioned you were going on about your IP Address being available. No matter what you do to your application to make it secure. If you are connecting to anywahere over the internet you need to specify an address for it to connect to. There are a number of tools that can monitor network activity and tell you any IP address that your computer tries to connect to. so you cant avoid that problem.
evangile wrote:
i know if i leave a string like webrequest (/http://mysite/some.php)
if you have an address like that then it is publicly available anyway so protecting you application wont change that. here[^], do some reading
Life goes very fast. Tomorrow, today is already yesterday.
-
yes i do some protecting my server and learn again cuz without being paranoid i think all society around the word have to be concerned by security. then what i realy dont like in c# is the way you read easy link. and how its hard to comunicate with a sql without being haked. using odcb well that just like you email your pass/login database to the haker using a php file you got some sort of RecordUser.php?login=toto&pass=1234. that just not acceptable to me to have such string readable in the code. why i go back my question is theyr a way to protect c# string or i go for python?^^
You shouldn't be putting your database login data into any software you are releasing into the wild. I think you need to rethink your solution as this is a major flaw, but of the design not the language.
Dave
BTW, in software, hope and pray is not a viable strategy. (Luc Pattyn)
Visual Basic is not used by normal people so we're not covering it here. (Uncyclopedia)
Why are you using VB6? Do you hate yourself? (Christian Graus) -
then pay for some good application security like this[^] Like I said yesterday when you mentioned you were going on about your IP Address being available. No matter what you do to your application to make it secure. If you are connecting to anywahere over the internet you need to specify an address for it to connect to. There are a number of tools that can monitor network activity and tell you any IP address that your computer tries to connect to. so you cant avoid that problem.
evangile wrote:
i know if i leave a string like webrequest (/http://mysite/some.php)
if you have an address like that then it is publicly available anyway so protecting you application wont change that. here[^], do some reading
Life goes very fast. Tomorrow, today is already yesterday.
thank for the link will go read into it^^. my main probleme is my MainServer is on a pc that have not yet a fixed IP. so i need to tell public application what is my Mainserver IP since it change when i restart server. here is the issue i have to get public comunicate with a "well known site" where they got my PC IP. then it mean ether autorise read it in the database or DL at a IP.XML file (haker can deturn then the whole traffic to his server seting his ip in database or uploading new xml ). i think firt i may need a fix IP for my PC so i dont need an other "Rendez vous" but i was waiting install linux before turn my pc into a server. thank for the link anyway.
-
thank for the link will go read into it^^. my main probleme is my MainServer is on a pc that have not yet a fixed IP. so i need to tell public application what is my Mainserver IP since it change when i restart server. here is the issue i have to get public comunicate with a "well known site" where they got my PC IP. then it mean ether autorise read it in the database or DL at a IP.XML file (haker can deturn then the whole traffic to his server seting his ip in database or uploading new xml ). i think firt i may need a fix IP for my PC so i dont need an other "Rendez vous" but i was waiting install linux before turn my pc into a server. thank for the link anyway.
You don't necessarily need a fixed IP address (although it's obviously preferable). If you use a domain name then that will resolve via DNS look ups to a specific IP address. This can be updated dynamicly whenever your IP changes. Google for dynamic DNS. If someone changes the IP or domain name to a different one, then surely the information that is requested from the server will not be available and just render the application useless until the correct settings are reapplied. I don't quite get the problem here. I can save a link to http://69.10.233.10 and change it in the source to http://74.125.39.147, but then I'm going to get Google instead of CodeProject - not much use if I'm wanting to use what CodeProject has to offer, so my link is now of no use to me.
Dave
BTW, in software, hope and pray is not a viable strategy. (Luc Pattyn)
Visual Basic is not used by normal people so we're not covering it here. (Uncyclopedia)
Why are you using VB6? Do you hate yourself? (Christian Graus) -
I have a probleme with c# i can't built anithing i can't hack easy. evenobfuscate(not pro) will leave the string readable. i have so hacked (not destruct just for learn security) a lot of c# app they all have thousand way to have fun with. how to well protect a string?? i tried encrypt it but i'm confused with that since all the crypt function look like. Decrypt("xxxvmmiti=","MyKeyHERE"); hacker are still able to read the key and its not encrypted so they can use the function + key for decrypt data??? some peaple tell put the key in app.config but that file is even readable in notepad so i don't see any corect way to protect string. i do something wrong? so i was thinking call the key from an unmanaged key.dll writed with c++. is c++ easy to hack? if yes tell me what tool haker use so i can chek. rigth now i'm thinking use an other langage on sensible part what langage can't be hacked that easy?
Navajo
Need custom software developed? I do C# development and consulting all over the United States. A man said to the universe: "Sir I exist!" "However," replied the universe, "The fact has not created in me A sense of obligation." --Stephen Crane