"Tom Rahav" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):
> I need to store some information about my application, such as trail
> version limits, allowed modules, etc.
> My question is whether it's better to store it in the windows
> registry, or in a binary file in the application's directory. My

Neither. Use the user local storage. The paths are listed in the Application object.



--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Make your ASP.NET applications run faster
http://www.atozed.com/IntraWeb/

Hi!

I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since I
need it just what the apllication starts.

Thanks!
Tom Rahav.

Hi Tom,

As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Hello Steven,

If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables. What
I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.

"Steven Cheng[MSFT]" <v-(E-Mail Removed)> wrote in message
news:urUMw%(E-Mail Removed)...
> Hi Tom,
>
> As for the where to store those privacy datas in our published programs
> question, IMO, registry or any other external
> config files may be simple for develop and use, but none of them are the
> secure means. Yes, there used to be many softwares which use the registry
> to store such trial version limit info, however since nowadays we can
> easily capture such info through may tools such as regmon, this is no
> longer a reasonable means.
> Based on my experience, most application will embed such information in
> the
> application's binary executable file itself. I know that some applcation
> will embed the application's startup times in the PE file's end and read
> (and update it) at the beginning of the application and this is usually
> done by calling raw win32 system API to read application memory. In .net
> world, I think you can consider embed such info into a binary file , and
> use some encryption/digitsign means to protect it from being tampered.
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

A bit confusing ?

You could have just those modules in a directory and load them if available
or list them in the config file...

Do you mean you should have a mean to enable/disable the module. Past
applications protected with dongle were using an identifier for each module
combined together with an expiration date and giving a last result...

Each time the user wants to add a module you issue them the new result of
this computation else they are not recognized...

Not sure what is the exact question ?

Patrice

--

"Tom Rahav" <(E-Mail Removed)> a écrit dans le message de
news:(E-Mail Removed)...
> Hello Steven,
>
> If I do understand you well, storing such information in the application's
> binary file, require re-compilation for each change in these variables.
What
> I actually want is to provide the the ability to add and remove modules
> dinamically, without creating a different installation / exe file per each
> version. Did I get you well?
> Thanks!
> Tom.
>
> "Steven Cheng[MSFT]" <v-(E-Mail Removed)> wrote in message
> news:urUMw%(E-Mail Removed)...
> > Hi Tom,
> >
> > As for the where to store those privacy datas in our published programs
> > question, IMO, registry or any other external
> > config files may be simple for develop and use, but none of them are the
> > secure means. Yes, there used to be many softwares which use the
registry
> > to store such trial version limit info, however since nowadays we can
> > easily capture such info through may tools such as regmon, this is no
> > longer a reasonable means.
> > Based on my experience, most application will embed such information in
> > the
> > application's binary executable file itself. I know that some applcation
> > will embed the application's startup times in the PE file's end and read
> > (and update it) at the beginning of the application and this is usually
> > done by calling raw win32 system API to read application memory. In .net
> > world, I think you can consider embed such info into a binary file , and
> > use some encryption/digitsign means to protect it from being tampered.
> >
> > Thanks,
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
> >
>
>

Thanks for Patrice's input.

Hi Tom,

Yes, injecting info in application's binary file dynamically in runtime is
diffcult(need to use raw win32 API) and this is even impossible in .net
world when we strong-named our assembly. Anyway, for your scenario, I think
you can put those info in a separtae binary file, and to make it more
secure, I suggest you perform encryption and digitsign on them.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

If the information is User- or Computer dependent use the registry,
otherwise use the application's directory.

"Tom Rahav" <(E-Mail Removed)> schrieb im Newsbeitrag
news:(E-Mail Removed)...
> Hi!
>
> I need to store some information about my application, such as trail
version
> limits, allowed modules, etc.
> My question is whether it's better to store it in the windows registry, or
> in a binary file in the application's directory. My question is more aimed
> to the security issues, because I don't face performence as problem, since
I
> need it just what the apllication starts.
>
> Thanks!
> Tom Rahav.
>
>