IL Security

  • Thread starter Thread starter ewingate
  • Start date Start date
E

ewingate

It seems that C#.Net is not especially secure. What I mean is that if
I were to write an application in C# and then try to sell this
application, someone else could just come along and decompile it and
steal my code. Am I missing something here or is this the way that
the .Net framework actually is? Is there no solution to this?



-E
 
It seems that C#.Net is not especially secure.
Click to expand...

Security and intellectual property protection (for programs) are
usually deemed to be somewhat different beasts in computing. Reading
your first couple of lines, I thought you meant there were lots of
security holes within the .NET framework for crackers to attack.
What I mean is that if
I were to write an application in C# and then try to sell this
application, someone else could just come along and decompile it and
steal my code. Am I missing something here or is this the way that
the .Net framework actually is? Is there no solution to this?
Click to expand...

See http://pobox.com/~skeet/csharp/obfuscation.html for my views on the
matter.
 
It seems that C#.Net is not especially secure. What I mean is that if
I were to write an application in C# and then try to sell this
application, someone else could just come along and decompile it and
steal my code. Am I missing something here or is this the way that
the .Net framework actually is? Is there no solution to this?
Click to expand...

There's obuscation tools that make it harder to do what you're talking
about. However, even with them, if someone wants to reverse engineer your
code, they can. More importantly, even if you compile your code straight
to machine code, it is not secure. It may take a little more work, but it
is possible to reverse compiled machine code and there are even tools
available to help someone do that. Even with optimizations, one can
reverse the process of compilation and get back to something reasonably
usable.

Basically, if you write software and you let anyone else use it, then
anyone using it has the ability to get back to your original algorithms
and design. It may be slightly easier with .NET applications, but no
software is immune and it really just comes down to how valuable your code
is. If your code is particularly useful, no amount of protection will
prevent it from eventually being reverse engineered. Conversely, if your
code isn't unique or difficult to reproduce, you could publish the
original source code and still not have to worry too much about other
people using it.

In other words, whether your code gets reused (whether with your
permission or not) has more to do with how useful the code is than whether
you've obfuscated it somehow.

Pete
 
This is what the framework actually is. What you want to do is
obfuscate your code. If you do a search on google for ".NET obfuscate" you
will turn up a number of products that will help you.

Hope this helps.
 
Would code be safer for a WebApp?
I mean, the code would run on only 1 machine,
instead of being distributed to the public.
Roger
 
Thank you all for the excellent responses. I did, indeed, mean
Intellectual Property Protection rather than 'security.' I was not
aware of the distinction between the two but this does make sense to
me now that it has been pointed out. Does anyone have any experience
with a product called "Salamander?" It supposedly strips away the need
for the framework. I am not sure how this is done, precisely, and I
also don't understand why MS did not build this sort of functionality
(or obfuscation) into the .NET framework to begin with.

-E
 
Back
Top