"What is better" question ...

[Chad Z. Hower aka Kudzu]

I need to store some information about my application, such as trail
version limits, allowed modules, etc.
My question is whether it's better to store it in the windows
registry, or in a binary file in the application's directory. My

Neither. Use the user local storage. The paths are listed in the Application object.



--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Make your ASP.NET applications run faster
http://www.atozed.com/IntraWeb/

 

[Tom Rahav]

Hi!

I need to store some information about my application, such as trail version
limits, allowed modules, etc.
My question is whether it's better to store it in the windows registry, or
in a binary file in the application's directory. My question is more aimed
to the security issues, because I don't face performence as problem, since I
need it just what the apllication starts.

Thanks!
Tom Rahav.

 

[Steven Cheng[MSFT]]

Hi Tom,

As for the where to store those privacy datas in our published programs
question, IMO, registry or any other external
config files may be simple for develop and use, but none of them are the
secure means. Yes, there used to be many softwares which use the registry
to store such trial version limit info, however since nowadays we can
easily capture such info through may tools such as regmon, this is no
longer a reasonable means.
Based on my experience, most application will embed such information in the
application's binary executable file itself. I know that some applcation
will embed the application's startup times in the PE file's end and read
(and update it) at the beginning of the application and this is usually
done by calling raw win32 system API to read application memory. In .net
world, I think you can consider embed such info into a binary file , and
use some encryption/digitsign means to protect it from being tampered.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Tom Rahav]

Hello Steven,

If I do understand you well, storing such information in the application's
binary file, require re-compilation for each change in these variables. What
I actually want is to provide the the ability to add and remove modules
dinamically, without creating a different installation / exe file per each
version. Did I get you well?
Thanks!
Tom.

 

[Patrice]

A bit confusing ?

You could have just those modules in a directory and load them if available
or list them in the config file...

Do you mean you should have a mean to enable/disable the module. Past
applications protected with dongle were using an identifier for each module
combined together with an expiration date and giving a last result...

Each time the user wants to add a module you issue them the new result of
this computation else they are not recognized...

Not sure what is the exact question ?

Patrice

 

[Steven Cheng[MSFT]]

Thanks for Patrice's input.

Hi Tom,

Yes, injecting info in application's binary file dynamically in runtime is
diffcult(need to use raw win32 API) and this is even impossible in .net
world when we strong-named our assembly. Anyway, for your scenario, I think
you can put those info in a separtae binary file, and to make it more
secure, I suggest you perform encryption and digitsign on them.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[cody]

If the information is User- or Computer dependent use the registry,
otherwise use the application's directory.