Preventing another application from calling code of my application.
-
Hi All I am developing a windows based application using C# Language in which security is very important. I have used restricted access modifiers such as private,sealed,protected internal etc etc. And also denied permissions to my application at assembly level(in AssemblyInfo.cs) such as for File input output [assembly:FileIOPermission(SecurityAction.RequestRefuse,Unrestricted=false)] and for everything which was not needed in my application for eg registry,IsolatedStorage etc etc. I have also strong named my assembly. I came to know from somebody on the internet that still my code is accessible to other application and any application by using System.Reflection can execute the code of my application. Is it true? If yes What should I do to prevent it.? And please tell other things also which I can do to increase security of my application. Please guide. Thanks Regards THE SK
-
Hi All I am developing a windows based application using C# Language in which security is very important. I have used restricted access modifiers such as private,sealed,protected internal etc etc. And also denied permissions to my application at assembly level(in AssemblyInfo.cs) such as for File input output [assembly:FileIOPermission(SecurityAction.RequestRefuse,Unrestricted=false)] and for everything which was not needed in my application for eg registry,IsolatedStorage etc etc. I have also strong named my assembly. I came to know from somebody on the internet that still my code is accessible to other application and any application by using System.Reflection can execute the code of my application. Is it true? If yes What should I do to prevent it.? And please tell other things also which I can do to increase security of my application. Please guide. Thanks Regards THE SK
What you want is something called an "obfuscator". Do NOT use the obfuscation crap that came with VS2008 (because it won't do what you need it to do). Buy a 3rd party tool. Get one that encrypts the strings and creates a native binary out of your assemblies. The problem is that he can look at your code with Defender and figure out what your assemblies are doing, and can therefore use your DLLs in his own code. Now that you know how to fix your assemblies, you have to figure out a way to remove the "open" versions from the user's computer. Good luck with that (because now that they're out there, you're hosed).
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 -
Hi All I am developing a windows based application using C# Language in which security is very important. I have used restricted access modifiers such as private,sealed,protected internal etc etc. And also denied permissions to my application at assembly level(in AssemblyInfo.cs) such as for File input output [assembly:FileIOPermission(SecurityAction.RequestRefuse,Unrestricted=false)] and for everything which was not needed in my application for eg registry,IsolatedStorage etc etc. I have also strong named my assembly. I came to know from somebody on the internet that still my code is accessible to other application and any application by using System.Reflection can execute the code of my application. Is it true? If yes What should I do to prevent it.? And please tell other things also which I can do to increase security of my application. Please guide. Thanks Regards THE SK
You would need some sort of license scheme so the methods can validate that they were called by an allowable application. It would slow your application down, and probably isn't worth the trouble.
-
Hi All I am developing a windows based application using C# Language in which security is very important. I have used restricted access modifiers such as private,sealed,protected internal etc etc. And also denied permissions to my application at assembly level(in AssemblyInfo.cs) such as for File input output [assembly:FileIOPermission(SecurityAction.RequestRefuse,Unrestricted=false)] and for everything which was not needed in my application for eg registry,IsolatedStorage etc etc. I have also strong named my assembly. I came to know from somebody on the internet that still my code is accessible to other application and any application by using System.Reflection can execute the code of my application. Is it true? If yes What should I do to prevent it.? And please tell other things also which I can do to increase security of my application. Please guide. Thanks Regards THE SK
There is a problem using obfuscation and UI since one can iterate through all types and create instances of forms and controls. You can solve this by having all forms and controls inherit your own type (that inherits from UserControl or Form) and that type requires that some static flag was raised in the application or else... This way radomly generating types will just raise exceptions. Adding this just adds another small barrier for people trying to look at your code and does not solve the problem.
Natza Mitzi
