How to hide code in the assembly?

G

Guest

I wrote an assembly in C#/.NET that includes some personal information.
But this information can be revealed by opening the assembly in tools like
the ‘Microsoft .NET Framework IL DASM’ and ‘Reflector’.
I do not want to expose this code.

How do I hide it?
 
C

Carlos J. Quintero [.NET MVP]

You can use a 3rd party obfuscator to rename identifiers, etc. Most
obfuscators allows you to encrypt strings, or you can encrypt if yourself,
with simple methods (reversing, XORing, etc.) or using the
System.Security.Cryptography namespace. Of course, if your app must decrypt
it at run-time, the key will be in the assembly and someone could decrypt
it, but you are raising the bar.

--

Carlos J. Quintero

MZ-Tools 4.0: Productivity add-ins for Visual Studio .NET
You can code, design and document much faster.
http://www.mztools.com
 
T

Terry Burns

I would not recommend actually putting personal details anywhere you dont
want them hacked. If you must put this information in then obfuscate it.
 
G

Guest

Actually by problem is a bit different then I posted.
I’m sending mail form the assembly, and for that I’m doing authentication
like that
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "1")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", "UserName")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", " password");

And by using the tool I mentioned before, this user name and password can be
seen Easley.

How can I hide this data?
 
G

Guest

Actually by problem is a bit different then I posted.
I’m sending mail form the assembly, and for that I’m doing authentication
like that:

MailMessage MyMail = new MailMessage()
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "1")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", "UserName")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", " password");

And by using the tool I mentioned before, this user name and password can be
seen Easley.

How can I hide this data?
 
G

Guest

Actually by problem is a bit different then I posted.
I’m sending mail form the assembly, and for that I’m doing authentication
like that
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "1")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", "UserName")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", " password");

And by using the tool I mentioned before, this user name and password can be
seen Easley.

How can I hide this data?
 
G

Guest

Actually by problem is a bit different then I posted.
I’m sending mail form the assembly, and for that I’m doing authentication
like that:

MailMessage MyMail = new MailMessage()
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "1")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", "UserName")
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", " password");

And by using the tool I mentioned before, this user name and password can be
seen Easley.

How can I hide this data?
 
C

Carlos J. Quintero [.NET MVP]

Hi again,

1) Why don´t you use the SMTP server of the user instead of yours? That
would avoid authentication...

2) If you really need it, then you can encrypt that data so it is no so
easily seen with a decompiler.

--

Carlos J. Quintero

MZ-Tools 4.0: Productivity add-ins for Visual Studio .NET
You can code, design and document much faster.
http://www.mztools.com
 
C

Cor Ligthert

Sharon,

I think that when you have the answer on this, you should not sent it in a
newsgroup, you become miljonair.

I think that now every organisation which has to do with creditcards sent
that kind of messages seperated and in my country not by email however by
normal mail.

Cor
 
G

Guest

Ok, it's sound much better.
But can you please explain how do I do option 1 and 2?

I'll very much appreciate code sample.

Thanks
Sharon
 
A

Alexander Guirenko

...
MailMessage MyMail = new MailMessage();
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpau
thenticate", "1");
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendus
ername", "UserName");
MyMail.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpa
ssword", " password");
And by using the tool I mentioned before, this user name and password
can be
seen Easley.
How can I hide this data?

Solution is simple enough.
Please, do not keep real "UserName" and "password" in your source code.
Hide username and password to database or keep them (encrypted!) in
web.config file. Then (during run time) extract user name and password
from database or web.config file, decrypt and use them in
MyMail.Fields.Add...
 
S

Sean Hederman

This kind of information shouldn't be in the assembly anyway. If it's "baked
in" then it can't ever be changed without causing your application to stop
working. One way would be to store it in the configuration file (encrypted).
A better way would be to ask the user to enter the user name and password
the first time your app starts, and then store it using DPAPI.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How can I hide the SMTP authentication data? 1
Missing Assembly for System.Collections.Generic? 2
How to configure an assembly using CodeBase ...? 10
how can I protect my assembly by use strongnameidentitypermission with .NET 2.0? 2
Global Assembly Cache for exporting COM interface 4
Installing the exe assembly on each and every computer just isn't an option! 1
Not stepping into library assembly 7
Duplicate assembly loading 4

Top