Konrad said:
[...]
If you deliver code to run on a client computer, that code can be
reused. No matter what you do.
Hmm. Isn't it possible to use Code Access Security (CAS)? It could be
possible to force that the assemblies that are calling your assembly
are signed with a special key (Publisher Evidence).
Possibly. But that doesn't stop someone from reusing your code. It
just forces them to copy your code into a different assembly that
doesn't carry that kind of protection.
[...]
Not sure if that makes sense, because someone can always use tools to
get the code again. And even when the code is obfuscated, maybe it will
be easy to remove the attributes and recompile it? So maybe you simply
insert some code in important functions that checks the permissions? It
could be much harder to find / remove that way.
As I always point out when this type of discussion comes up, my general
rule of thumb is:
Whatever level of effort is warranted to protect the code based
on the costs of that effort versus the costs of the code not
being protected, there is an equivalent level of effort warranted
by someone wanting to circumvent whatever protection you implement.
Or, put another way:
By definition, assuming you do not put more effort into protecting
the code than is actually justified, your code will not be well-
enough protected to discourage someone who really wants to reuse
it or otherwise reverse engineer it.
The corollary to the above is:
If your code is well-enough protected that no one will find it
worth the effort to circumvent your protection, then you spent
too much protecting the code.
Copy protection is a losing battle. Encryption is well and good for
protecting data, but only because public key encryption allows us to
have encryption without one end having the secret key required to
decrypt at the other end (and even there, we need longer and longer keys
as computing power becomes less and less expensive). Code can't work
until it's unlocked, and if that unlocking occurs on the client end,
then the client will always be able to see the code.
Instead of worrying about copy protection, one should ensure that they
offer value above and beyond just the code itself. Customer support,
documentation, or even using the code to provide a service rather than
delivering it to the customer, that sort of thing.
Pete