How to disable reflection?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'm building a .NET application and I'll like to prevent some specific
methods to be accessible using reflection.

I'll like to clarify, that what I'm looking for, is to completle disallow
the access to some methods thru reflection, special some methods related to
the licensing procedure of my application.

I was trying to use ReflectionPermissionAttribute, but I believe is intended
to be use for other type of controls and not the one I'm looking for.

Thanks in advance
 
Luis Fajardo said:
I'm building a .NET application and I'll like to prevent some specific
methods to be accessible using reflection.

I'll like to clarify, that what I'm looking for, is to completle disallow
the access to some methods thru reflection, special some methods related to
the licensing procedure of my application.

I was trying to use ReflectionPermissionAttribute, but I believe is intended
to be use for other type of controls and not the one I'm looking for.
Click to expand...

You can't (AFAIK) stop reflection being used in a situation where the
caller has "full trust". If they're running with less than full trust
then some things about reflection (if not all) are automatically
disabled, I believe - however, if this is to stop other people from
calling some code, you can't prevent them from running your code *with*
full trust unless you're in control of their box in the first place.
 
Jon, thanks for responding.

I'll like just clarify that I'm refering to private or internal methods
which are not intended to be use outside the application. Based on your
comments I imagine doesn't matter if is private or not, but I just want to
clarify that, specially because of the last statement in your response:
"unless you're in control of their box in the first place."

If there is nothing I can do about it, then, that's fine, I was just trying
last resources.


Thanks for your comments,
 
Luis Fajardo said:
Jon, thanks for responding.

I'll like just clarify that I'm refering to private or internal methods
which are not intended to be use outside the application. Based on your
comments I imagine doesn't matter if is private or not, but I just want to
clarify that, specially because of the last statement in your response:
"unless you're in control of their box in the first place."
Click to expand...

Thats where obfustication comes in. You aren't going to stop people from
accessing your code(or rewriting it at the least) but you can make it
difficult for people to understand it.
 
Jon said:
You can't (AFAIK) stop reflection being used in a situation where the
caller has "full trust". If they're running with less than full trust
then some things about reflection (if not all) are automatically
disabled, I believe - however, if this is to stop other people from
calling some code, you can't prevent them from running your code
*with* full trust unless you're in control of their box in the first
place.
Click to expand...

In addition there is an unmanaged COM object that will give metadata
information (a process that uses this is called metainfo in the .NET
SDK) and this is not affected in anyway by whatever security settings
the .NET runtime is following. .NET metadata is just a collection of
bits so any code can read it. For example, I have just finished writing
a .NET class library that reads metadata from the file on disk (ie not
using reflection) and uses this to access the IL so that I can perform
statistical analysis on the opcodes used.

Richard
 
Back
Top