MSIL Not Coding String Variables

Guest

See This Code
=======================================================
.method private specialname rtspecialname static
        void .cctor() cil managed
{
  // Code size 52 (0x34)
  .maxstack 8
  IL_0000: ldstr "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
  IL_0005: call string [System.Windows.Forms]System.Windows.Forms.Application::get_StartupPath()
  IL_000a: ldstr "/sel.mdb;Jet OLEDB:Database Password=sba "
  IL_000f: call string [mscorlib]System.String::Concat(string, string, string)
  IL_0014: stsfld string sel.Module1::sConStr
  IL_0019: ldsfld string sel.Module1::sConStr
  IL_001e: newobj instance void [System.Data]System.Data.OleDb.OleDbConnection::.ctor(string)
  IL_0023: stsfld class [System.Data]System.Data.OleDb.OleDbConnection sel.Module1::blush:Cnn
  IL_0028: ldstr "C:\\windows\\pas"
  IL_002d: stsfld string sel.Module1::ahmed
  IL_0032: nop
  IL_0033: ret
} // end of method Module1::.cctor
=======================================================

Notice That ConnectionString Is Readable
And I Can Get Password Very Easily
So We can any Secured Database From MSIL Language
Really It's Big Problem
Please Advise Me To Protect My Programs
Thanks
 
Rob Teixeira [MVP]

If you open a regular PE program in a hex editor, you can see all literal
string values just as plainly. Compile a C++ or VB6 program with a
connection string, open it in a hex editor, and you'll see what I mean.

There are several ways to protect the data from casual inspection. Check out
the encryption classes for starters (System.Security.Cryptography
namespace).

-Rob Teixeira [MVP]
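An added example, not part of the thread or anyone's posted code: a build-time check that scans a compiled binary for connection-string secrets stored as literals, covering UTF-16LE (how .NET stores `ldstr` operands) and ASCII. The sample bytes, the key list and all function names are assumptions made for this illustration; only the `ldstr` operand is taken from the post above.

```python
import re
import sys

# Connection-string keys whose values are secrets; the longest alternative comes first.
SECRET = re.compile(r'\b(Database Password|Password|Pwd)\s*=\s*([^;"]+)', re.IGNORECASE)

def printable_runs(data, min_len=8):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    # .NET keeps ldstr operands as UTF-16LE in the #US heap; native code often uses ASCII.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def find_secrets(data):
    """Return findings sorted by file offset; the secret value itself is never stored."""
    findings = []
    for offset, encoding, text in printable_runs(data):
        for m in SECRET.finditer(text):
            findings.append({"offset": offset, "encoding": encoding,
                             "key": m.group(1), "value_len": len(m.group(2).strip())})
    return sorted(findings, key=lambda f: f["offset"])

def build_sample():
    """Constructed bytes, not a real PE: two literals laid out the way binaries store them."""
    il_literal = "/sel.mdb;Jet OLEDB:Database Password=sba "  # ldstr operand from the post
    native_literal = b"Provider=SQLOLEDB;User ID=app;Pwd=constructed-value;"  # constructed
    return (b"MZ\x90\x00" + b"\x00" * 12 + il_literal.encode("utf-16-le")
            + b"\x00\x01\x02\xff" + native_literal + b"\x00")

def scan(paths):
    """Scan build outputs; return the number of findings (non-zero should fail the build)."""
    total = 0
    for path in paths:
        with open(path, "rb") as fh:
            for f in find_secrets(fh.read()):
                total += 1
                print(f"{path}: {f['key']} literal ({f['encoding']}) at run offset "
                      f"{f['offset']:#x}, value length {f['value_len']}")
    return total

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(1 if scan(sys.argv[1:]) else 0)
    for finding in find_secrets(build_sample()):
        print(finding)
```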
 
Jeremy

Notice That ConnectionString Is Readable
And I Can Get Password Very Easily
So We can any Secured Database From MSIL Language
Really It's Big Problem


Welcome to the world of security! Head on over to the MS patterns &
practices ( http://msdn.microsoft.com/patterns/ ) and check out the data
access patterns, there is one that extensively discusses data access,
encrypting & storing connection strings etc...

( FYI, this problem is present in PE EXEs as well, it's not new )

HTH,
Jeremy
 
