Securing a .NET application

[Mark Ingram]

Hi, what steps do i need to take to make our application as secure as
possible? At some point over the coming months it will be released to
the public and we want to make sure that our competitors cant get access
to our source code.

I know about creating strong key names, but that doesnt stop the IL code
being read. Obfuscation (sp?!) as i briefly understand can help to make
the IL unreadable for anyone who attempts it. But what else can be done?
And what obfuscation tools do you use?

Thanks,

Mark

 

[Chris S.]

Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.

 

[Mark Ingram]

Dotfuscator is the only one I've tried (as it comes with vs.net) but
seems to do the job. Are you storing passwords inside the source code?
Obfuscation is really the only protection you have against source code
theft with an interpreted byte-code language as far as I know. A native
image via NGEN may be one other option.

hmm, yeah, i guess we could precompile the .exe for the windows
platform. that would add an extra layer of protection wouldnt it?

 

[Willy Denoyette [MVP]]

| Chris S. wrote:
| > Dotfuscator is the only one I've tried (as it comes with vs.net) but
| > seems to do the job. Are you storing passwords inside the source code?
| > Obfuscation is really the only protection you have against source code
| > theft with an interpreted byte-code language as far as I know. A native
| > image via NGEN may be one other option.
| >
|
| hmm, yeah, i guess we could precompile the .exe for the windows
| platform. that would add an extra layer of protection wouldnt it?

No it won't:
1. you have to ngen on the target platform,
2. you still need the original assembly, you can't run ngen'd images without
it.

Willy.