C# dependencies and security
-
Hi If I develop a dll that deals with most of my data security in C++ or Delphi for example, a malicious user could replace it with a bad copy and this way it would void my security. Is it the same in C#? When I add a dependency it may run with malicious copies (with the same metadata)? In other Windows Application I would just check the dll CRC before using it... Would that be enough in C#? Thanks, Dirso.
-
Hi If I develop a dll that deals with most of my data security in C++ or Delphi for example, a malicious user could replace it with a bad copy and this way it would void my security. Is it the same in C#? When I add a dependency it may run with malicious copies (with the same metadata)? In other Windows Application I would just check the dll CRC before using it... Would that be enough in C#? Thanks, Dirso.
-
Hi If I develop a dll that deals with most of my data security in C++ or Delphi for example, a malicious user could replace it with a bad copy and this way it would void my security. Is it the same in C#? When I add a dependency it may run with malicious copies (with the same metadata)? In other Windows Application I would just check the dll CRC before using it... Would that be enough in C#? Thanks, Dirso.
Other than the signing that was mentioned in the other post to your question, you can use an obfuscator. With an obfuscator you can scramble an assembly so that it cannot be decompiled and obfuscation also allows you to embed watermarks that you can check when an application starts. (All of this, of course, depends upon the obfuscator you use). I happen to use Spices Obfuscator from 9rays.net, but the company seems to be dying so I wouldn't look into getting that particular obfuscator.
Regards, Thomas Stockwell Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Visit my Blog
-
Other than the signing that was mentioned in the other post to your question, you can use an obfuscator. With an obfuscator you can scramble an assembly so that it cannot be decompiled and obfuscation also allows you to embed watermarks that you can check when an application starts. (All of this, of course, depends upon the obfuscator you use). I happen to use Spices Obfuscator from 9rays.net, but the company seems to be dying so I wouldn't look into getting that particular obfuscator.
Regards, Thomas Stockwell Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Visit my Blog
-
.NET assemblies can be signed, that prevents tampering like this.
xacc.ide - now with TabsToSpaces support
IronScheme - 1.0 beta 1 - out now!
((lambda (x) `((lambda (x) ,x) ',x)) '`((lambda (x) ,x) ',x))