Security and C# - how secure are C# applications (w.r.t IP) ?

S

Susan Baker

We are currently developing a commercial application which we are
writing mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing
assembles and using role based security policies etc have limited
benefits if an end user can easily reverse engineer the binaries and
"side step" any implemented security policies.

I may be over emphasising the problem - but I'd like to know what
measures commercial vendors out there (that use C#), are employing to
ensure that their IP stays as safe as possible?

MTIA
 
J

Jesse McGrew

Reverse engineering only poses a threat to security if your security is
implemented on the client side. That's obviously a bad idea.

Even if you stick with C/C++, you'll only make reverse engineering
slightly harder, not impossible. Anyone with enough motivation will be
able to crack it anyway - just look at how the copy protection in video
games is cracked within hours of release. The real solution is to
implement your security measures on the server, where attackers won't
be able to read or alter the code.

Jesse
 
M

Marc Gravell

With regards to reverse engineering, have you looked at dotfuscator or other
obfuscation tools?

Marc
 
H

Henry Padilla

Susan Baker said:
We are currently developing a commercial application which we are writing
mostly in C# (at least the front end).

The apparent ease at which code is reverse engineered gives me sleepless
nights (I come from a C/C++ background). It appears that signing assembles
and using role based security policies etc have limited benefits if an end
user can easily reverse engineer the binaries and "side step" any
implemented security policies.

I may be over emphasising the problem - but I'd like to know what measures
commercial vendors out there (that use C#), are employing to ensure that
their IP stays as safe as possible?

MTIA
Click to expand...

A couple of great obfuscators I've seen are CodeVeil and XenoCode Protector.

See if that helps you. But, as one person already mentioned, resign
yourself now to some amount of hackery. Even if just to prove they can do
it.

Tom P.
 
I

Ivan

With regards to reverse engineering, has anyone heard about a tool to reverse-engineer from C#
source code to UML?

Ivan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

C# .NET 4 Framework freeware program security question 3
Whats the Deal with Visual C++.Net? 21
Seeking C# Engineer 1
C# Plugin system - same interface in two different assemblies... 18
Managing DHCP Servers using C# 1
Can I do this? 4
how much harder is Windows C API than C#/.NET 111
Clients machine resolve sub domain (internal) with parent domain (ISP) IPs 3

Top