decompiled .net or VB6?

[Elhanan]

hi..

i'm about to create a small winform application, the code in it is
rather sensitive, and since i read lots of stuff of how easy it is to
decompile an assembly, and how a winform application is not suitable
for commercial products, i'm thinking about doing it in vb6 (it does
use tables in ms-access but i was thinking in using database password
and encrypting the database).

am i wrong?
(actually my primary intent was to have all the logic reside in a
webserive as all this program does is to accept a few data, do lots of
numbering and output a single number as a result).

 

[Carlos J. Quintero [.NET MVP]]

You can do some tests decompiling your .NET exe with Reflector for .NET
(http://www.aisto.com/roeder/dotnet/), then trying an obfuscator and
decompiling it again to notice the difference. If you are not satisfied with
the obfuscation, then you can use a Web service, a VB6 exe, or an unmanaged
DLL called from .NET.

--

Best regards,

Carlos J. Quintero

MZ-Tools: Productivity add-ins for Visual Studio .NET, VB6, VB5 and VBA
You can code, design and document much faster.
Free resources for add-in developers:
http://www.mztools.com

 

[Jon Skeet [C# MVP]]

i'm about to create a small winform application, the code in it is
rather sensitive, and since i read lots of stuff of how easy it is to
decompile an assembly, and how a winform application is not suitable
for commercial products, i'm thinking about doing it in vb6 (it does
use tables in ms-access but i was thinking in using database password
and encrypting the database).

am i wrong?

See http://www.pobox.com/~skeet/csharp/obfuscation.html

 

[Elhanan]

yes i've read obfuscators and i heard that they can mess up
databinding with datasets , and other subtle probelms.
the main core of this applications, is insurance pension computation.
the user interface is very simple, input a few number then get result.
but imagine a very small error or bug which messes up a computation,
you'll NEVER be able to figure it out in time.

it gives me the creeps just thinking about .

i was thinking on maybe using alading software with USB hasp key, it
sorta warps your exe checking for key.

 

[Mark Rae]

use tables in ms-access but i was thinking in using database password
and encrypting the database).

am i wrong?

About using Access, you most certainly are!
http://www.crackpassword.com/products/prs/integpack/aopr/

 

[Jon Skeet [C# MVP]]

yes i've read obfuscators and i heard that they can mess up
databinding with datasets , and other subtle probelms.
the main core of this applications, is insurance pension computation.
the user interface is very simple, input a few number then get result.
but imagine a very small error or bug which messes up a computation,
you'll NEVER be able to figure it out in time.

Well, I would hope that running all your tests against the obfuscated
version would find problems like that, but only if you have a test-
driven approach, maybe.

it gives me the creeps just thinking about .

i was thinking on maybe using alading software with USB hasp key, it
sorta warps your exe checking for key.

So don't obfuscate - just don't worry about it. Are your internal
algorithms really *that* sensitive?

 

[Willy Denoyette [MVP]]

hi..

i'm about to create a small winform application, the code in it is
rather sensitive, and since i read lots of stuff of how easy it is to
decompile an assembly, and how a winform application is not suitable
for commercial products, i'm thinking about doing it in vb6 (it does
use tables in ms-access but i was thinking in using database password
and encrypting the database).

am i wrong?
(actually my primary intent was to have all the logic reside in a
webserive as all this program does is to accept a few data, do lots of
numbering and output a single number as a result).

What exactly do you mean with "rather sensitive", you don't store passwords
or other sensitive data in code I hope.

Willy.

 

[Elhanan]

no passwrods, but the algorithm itself for calcluating future pensions
is rather sensitive, not sure about the tables though.

 

[Elhanan]

what do you suggest then? (i will need to do sql queries on the
tables)..

 

[Jon Skeet [C# MVP]]

no passwrods, but the algorithm itself for calcluating future pensions
is rather sensitive, not sure about the tables though.

How sensitive is "rather sensitive"? If it can be exploited by people
knowing it, you shouldn't provide them with the code in the first
place, in any format. Write it in whatever language you like, but if
people can run it on their own box, then someone with enough patience
will be able to work it out.

 

[John B]

what do you suggest then? (i will need to do sql queries on the
tables)..

Try MSDE, the "free" version of SQL Server.
Do a search on google.
JB

 

[Elhanan]

thought about MSDE however i'm not comfortable placing a server in a
client computer (maybe they will have win98)

meanwhile as it turns out the tables themselves are public knowledge so
i don't have to worry about that anymore, that only leaves only the
code.

my options are either a dll in vb6, or turning it into a
webservice/webapplicaiton, (off course as a web service the entire
table secrutiy becomes void), dll might be a choice becouse not all
clients have an internet connection, so that will leave only vb6 or c#,
althoguh c# seems enticing, i have no knowledge of client computers
(maybe they won't have any framework installed) , while vb6 is known to
work on any windows system.