Strong Names??

SStory · Feb 26, 2004

OK.. I know enough to be dangerous.. but still learning.

Seems from reading that I should use a strong name if my app is a dll that
is going to be shared.
1.) What if it is just and EXE?

2.) Could I use it so that if I have a DLL and an EXE, only my EXE could
use the functions within that DLL(i.e. call it and all others would fail)?

3.) Would this method be breached if the code wasn't obfuscated??

4.) Is there more about Strong names than this?

Any answers appreciated.

Am doing a lot of research and study to try to make the best decisions for
my personal project.

Shane

Scott M. · Feb 26, 2004

SStory said:
OK.. I know enough to be dangerous.. but still learning.

Seems from reading that I should use a strong name if my app is a dll that
is going to be shared.
1.) What if it is just and EXE?

Strong Names are generally for assemblies that will be registered into the
GAC. Since there may be other assemblies with the same name, a strong name
is needed. If you EXE will be accessed by different applications, you
shouldn't need to worry about giving it a strong name.

2.) Could I use it so that if I have a DLL and an EXE, only my EXE could
use the functions within that DLL(i.e. call it and all others would fail)?

I'm sure you can, I can't think of how at the moment though.

3.) Would this method be breached if the code wasn't obfuscated??
No.

4.) Is there more about Strong names than this?

See answer to #1

SStory · Feb 26, 2004

Thanks for your reply.

In response to question 2.... I wonder further....If I make an exe that
calls a dll and my dll has a strong name so that only my exe can call it,
and then I update my dll and ship only it, would the exe that my client has
still be able to read that dll if I signed it with the same key?
From my understanding a strong name takes my key and a hash of the program
so seems this might not work in an update situation.
Any thoughts? Anyone?

Thanks,

Shane

Scott M. · Feb 26, 2004

SStory said:
Thanks for your reply.

In response to question 2.... I wonder further....If I make an exe that
calls a dll and my dll has a strong name so that only my exe can call it,
and then I update my dll and ship only it, would the exe that my client has
still be able to read that dll if I signed it with the same key?

Well, hold on a second here. The strong name is not for allowing access by
any particular assembly. The strong name is just to uniquely identify the
assembly to Windows so it is not cofused with any other assembly.

SStory · Feb 26, 2004

Scott,

Check this out and see if you still think that is right...the more I read
the more it seems it could be used as I suggested but I'm not real
comfortable with it all yet.
http://samples.gotdotnet.com/quickstart/howto/doc/security/CodeIdentityDemand.aspx

Shane

SStory · Feb 27, 2004

Hey, the last part of the link I sent you says it is used for that. So I may
be onto something finally after hours of research....

Just need to read a bit more.

Now the question is.
I sign MY.DLL and my.exe references it.

Then my users get it.

I make updates to my.dll and ship my.dll with the same key signature to my
users.
my.exe should still be able to use the dll but no one else should be able to
use it at all.

Can anyone concur with this? It seems to be what I am reading at

http://samples.gotdotnet.com/quickstart/howto/doc/security/CodeIdentityDemand.aspx

Hope to get to the bottom of this. It is a real issue in app deployment and
updating I think.

Thanks Scott!

Shane

Strong Names??

SStory

Scott M.

SStory

Scott M.

SStory

SStory