Security makes .Net a JOKE.....

E

Earth Worm Jim

MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.

ALL I WANTED TO KNOW WAS HOW TO DETERMINE WHICH PERMISSIONS AN ASSEMBLY
NEEDS AND HOW TO DENY ALL OTHER PERMISSIONS

BUT YOU CAN'T DO THIS EASILY.

EARTH WORM JIM
 
E

Earth Worm Jim

OH AND NOT EVERY DEVELOPER WANTS TO BECOME A SECURITY EXPERT JUST SO THAT
THEY CAN GET THERE APPLICATION OUT THERE IS THE REAL WORLD.

IS IT TO MUCH TO ASK FOR A COMPLETE EXAMPLE AND NOT JUST STUPID EXAMPLES
 
P

Paul E Collins

Earth Worm Jim said:
MICROSOFT IF YOU WANT TO STOP
SECURITY LEAKS IN DEVELOPERS CODE
TRY MAKING THE DOCUMENTATION ON
HOW TO SECURE .NET APPLICATION
UNDERSTANDABLE, TRY WRITING IT IN
ENGLISH AND NOT JARGON.

Better still, why don't they write it in all capital letters?

P.
 
T

ToddT

searching on "code security" in msdn found several high-level and
several overview documents (and step-by-step tutorials) on the
subject. is microsoft asking too much that you actually read an
article or two?
 
M

Michael A. Covington

Earth Worm Jim said:
MICROSOFT IF YOU WANT TO STOP SECURITY LEAKS IN DEVELOPERS CODE TRY MAKING
THE DOCUMENTATION ON HOW TO SECURE .NET APPLICATION UNDERSTANDABLE, TRY
WRITING IT IN ENGLISH AND NOT JARGON.

Hmmm, are you telnetting into Windows from a Model 33 Teletype?

If so, impressive!
 
S

SStory

Honestly, Todd, I must agree with Earthworm a bit....

There may be some great solutions but finding them is like searching for
platnum.

1.) Best way to protect intellectual property? And afford it?
2.) Best way to distribute and license and yet be able to update?
I have searched for some time and still don't have a good complete solution.

Shane
 
D

Daniel O'Connell [C# MVP]

SStory said:
Honestly, Todd, I must agree with Earthworm a bit....

There may be some great solutions but finding them is like searching for
platnum.

1.) Best way to protect intellectual property? And afford it?

That one is easy, there are two choices: keep it to yourself or write
immensly boring stuff(believe it or not, most protection is the latter, no
one simply cares). You can't protect intellectual property that you release.
You can sue, you can run massive campaigns against theft, and you'll *still*
have your property stolen. Obfusticate, use C++ and native code, sell your
software sealed in a chip...someone is still going to steal it if its
interesting.
2.) Best way to distribute and license and yet be able to update?

This one is difficult, and depends strongly on what you are doing. No single
platform offers much of a solution to this, and like above, licensing is
really just for the honest person, anyone who wants to steal your software
will, be it in C++ or .NET, your license can(and will) still be broken.

Best way to distribute depends heavily on the app. A small app is
downloadable, but if your app is 500 megs, then the best is bound to be cd
based.
 
S

SStory

Agreed,
If anyone wants to crack it they will, but I don't want to put it out there
with no protection.
Some honest people won't go to warez. Others will.. I am looking at the
honest folks.

So small app--not counting the dotnet runtime--which is why I will
distribute the original on CD.
What is the best solution to keep the honest folks honest and still be able
to provide updates over the internet?

Thanks,

Shane
 
D

Daniel O'Connell [C# MVP]

SStory said:
Agreed,
If anyone wants to crack it they will, but I don't want to put it out
there
with no protection.
Some honest people won't go to warez. Others will.. I am looking at the
honest folks.

Actually, honest people don't steal, when they decided to steal there goes
their honesty, doesn't it now?
So small app--not counting the dotnet runtime--which is why I will
distribute the original on CD.
What is the best solution to keep the honest folks honest and still be
able
to provide updates over the internet?

Again, there isn't. Cracking a program isn't any more work for most people
beyond hitting a search engine, typing in the name and running a small
program. All native code may do is buy you a few hours more before that
search engine lists your app, and honestly it probably won't. Beyond that,
I'm not sure where updating comes in to the picture, as they are seperate
things.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top