J
Jeff Stewart
I'm about to start development on a large client/server system using .NET
for both, barring any security concerns. Namely, I'm still a little vague
on what is exposed to end-users in a .NET assembly. Does the possibility
exist that a client assembly can be examined, using common tools -- say,
included in the .NET SDK -- and information extracted that could be used to
exploit the server? Particularly, how does reflection enter into all of
this? In using .NET's reflective features, what, if anything, do you have
to be on the lookout for to prevent including sensitive information/code as
readable text in an assembly? Are there any common pitfalls for this kind
of scenario?
for both, barring any security concerns. Namely, I'm still a little vague
on what is exposed to end-users in a .NET assembly. Does the possibility
exist that a client assembly can be examined, using common tools -- say,
included in the .NET SDK -- and information extracted that could be used to
exploit the server? Particularly, how does reflection enter into all of
this? In using .NET's reflective features, what, if anything, do you have
to be on the lookout for to prevent including sensitive information/code as
readable text in an assembly? Are there any common pitfalls for this kind
of scenario?