Strong name or not?

  • Thread starter Thread starter Jeffry van de Vuurst
  • Start date Start date
J

Jeffry van de Vuurst

Hi there,

I'm wondering what the recommended way is, strong naming an application or
not? Let's say I have a mobile application with all local dll's, no GAC
involved. I saw in performance sessions that a strong name affects
performance. Also, if I'm correct, the Compact Framework doesn't have the
code access security features that could profit from a strong name (e.g.
only an assembly with strong name "x" can call method "y"). So, if you don't
need the GAC, why would I use a strong name? And, is the performance penalty
worth the effort to remove the strong name or is it negligible?

Thanks for your insights.
 
Strong naming just proves you were the developer who signed the assembly.
It's a simple means to identify code. Of course it had its benefits some of
which you mentioned, not sure about performance I haven't really done any
benchmarks to test this.

But we do strong name our code because we digitally sign of course using
signtool. An assembly needs to be strong named iin order to use authenticode.

Strong naming is not meant to be a way to secure your code, see this post on
replacing a strong name:
http://www.atrevido.net/blog/PermaLink.aspx?guid=f772c18a-f389-4c28-bd6a-a30f4ccc84f5

If you think obfuscating your .NET code is the answer then think again,
check this post out:
http://www.atrevido.net/blog/PermaLink.aspx?guid=8315fa01-0286-47ce-a20b-fcc15eb297c3

You might also find this link helpful, but then again you might not ;)
http://groups.google.com/group/micr...k=gst&q=cracking+.net&rnum=1#f18ec649e079d504
 
Hi Simon,

Thanks for your insights. I know what the general idea of a strong name is,
identifying the code. That what need when you use e.g. the
StrongNameIdentityPermissionAttribute.

I'm not asking about obfuscating code and I am aware that a strong name can
be replaced. There was an article about it on CodeProject also. But thanks
for the links anyway ;)

So, that leaves me with 2 conclusions from your answer.
1. a strong name doesn't secure your code (so no need for it in that sense)
2. you do need it when you want to digitally sign your code

Thanks for you answer.
 
Back
Top