C
Christoph Wienands
Hello everybody,
I have a couple of questions about "intellectual property security" in
DotNet. It is very easy to disassemble DotNet assemblies and the generated
code looks very pretty![Smile :) :)](/styles/default/custom/smilies/smile.gif)
However, currently we are very concerned about our intellectual property
stored in the algorithms as well as passwords that we might need to ship
with the application. So I wanted to know if people here have gained some
experience with security measures. Here is what I was thinking about so far:
-Code obfuscating: VS.Net 2003 comes with one, we'll definitely use this. It
makes it hard to understand algorithms.
-Prevent debugging: Back in the DOS times you could do a couple of tricks
(hook into interrupts, etc.) which would crash most of the debuggers (except
for some really sophisticated ones). Does anybody know of tricks like that
for DotNet?
-Prevent use of our assemblies through other applications: Is there a way to
secure our libraries/assemblies so that only our applications will be able
to use them? I know you can give a strong name with a public/private key to
an assembly but I have no clue how this can help here. And I don't want to
store the assemblies encrypted in the application and decrypt and create
them on runtime.
-Secure passwords in assemblies: Assume our application needed to make a
connection to our server and we need to make sure that first this request
comes from our application, second, our application is unaltered. Any idea?
I know that these are quite some big questions and I don't expect complete
solutions ;-) But if anybody could give me some hints for one or the other
issues, I'd be very thankful.
Take care, Christoph
I have a couple of questions about "intellectual property security" in
DotNet. It is very easy to disassemble DotNet assemblies and the generated
code looks very pretty
![Smile :) :)](/styles/default/custom/smilies/smile.gif)
However, currently we are very concerned about our intellectual property
stored in the algorithms as well as passwords that we might need to ship
with the application. So I wanted to know if people here have gained some
experience with security measures. Here is what I was thinking about so far:
-Code obfuscating: VS.Net 2003 comes with one, we'll definitely use this. It
makes it hard to understand algorithms.
-Prevent debugging: Back in the DOS times you could do a couple of tricks
(hook into interrupts, etc.) which would crash most of the debuggers (except
for some really sophisticated ones). Does anybody know of tricks like that
for DotNet?
-Prevent use of our assemblies through other applications: Is there a way to
secure our libraries/assemblies so that only our applications will be able
to use them? I know you can give a strong name with a public/private key to
an assembly but I have no clue how this can help here. And I don't want to
store the assemblies encrypted in the application and decrypt and create
them on runtime.
-Secure passwords in assemblies: Assume our application needed to make a
connection to our server and we need to make sure that first this request
comes from our application, second, our application is unaltered. Any idea?
I know that these are quite some big questions and I don't expect complete
solutions ;-) But if anybody could give me some hints for one or the other
issues, I'd be very thankful.
Take care, Christoph