Re: Are .NET Windows Applications Totally Insecure?
From: Michel Gallant \(MVP\) (neutron@istar.ca)
Date: 03/09/03
- Previous message: clintonG: "Are .NET Windows Applications Totally Insecure?"
- In reply to: clintonG: "Are .NET Windows Applications Totally Insecure?"
- Next in thread: clintonG: "Re: Are .NET Windows Applications Totally Insecure?"
- Reply: clintonG: "Re: Are .NET Windows Applications Totally Insecure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michel Gallant \(MVP\)" <neutron@istar.ca> Date: Sat, 8 Mar 2003 18:05:50 -0500
First off, an item (whether it be a native exe, dll or .net assembly or java appetl)
is digitally signed to provide *authentication* and integrity verification for the end
user.
It is not really about protecting the "digital asset ownership" of the application
itself.
You can probably do the same thing with a signed cab archive (i.e. extract the contents,
and repackage and sign with your own certificate, claiming you are the owner .. hence
constituting fraud!).
It is up to the owner to ensure that they *trust* the digital certificate (and hence the
CA issuer)
of any application they receive that is signed.
So this is not an issue with .net at all. It is a lack of understanding of what
the purpose of a digital signature is all about!
- Mitch
"clintonG" <csgallagher@REMOVETHISTEXTmetromilwaukee.com> wrote in message
news:#E0fSwb5CHA.2400@TK2MSFTNGP11.phx.gbl...
> An associate claims windows applications developed with the
> .NET Framework are totally insecure with regard to maintaining
> digital asset ownership.
>
> His claim is based on an assertion that he can use ILDASM
> on a dll or an exe to expose the owner of the application,
> including the security certificate which can then be cut out and
> replaced with other credentials and re-assembled thereby
> making the application 'theirs.'
>
> How sound is his assertion?
> Comment on why or why not please.
>
>
> --
> <%= Clinton Gallagher
> A/E/C Consulting, Web Design, e-Commerce Software Development
> Wauwatosa, Milwaukee County, Wisconsin USA
> NET csgallagher@REMOVETHISTEXTmetromilwaukee.com
> URL http://www.metromilwaukee.com/clintongallagher/
>
> LaGarde StoreFront 5 Affiliate: e-Commerce Software Development
> SEE: http://www.storefront.net/default.asp?REFERER=-201499070
>
>
>
>
>
>
>
- Previous message: clintonG: "Are .NET Windows Applications Totally Insecure?"
- In reply to: clintonG: "Are .NET Windows Applications Totally Insecure?"
- Next in thread: clintonG: "Re: Are .NET Windows Applications Totally Insecure?"
- Reply: clintonG: "Re: Are .NET Windows Applications Totally Insecure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
