Re: Are .NET Windows Applications Totally Insecure?

From: clintonG (csgallagher@REMOVETHISTEXTmetromilwaukee.com)
Date: 03/10/03

    From: "clintonG" <csgallagher@REMOVETHISTEXTmetromilwaukee.com>
    Date: Sun, 9 Mar 2003 17:33:39 -0600
    
    

    Semantic babble. What good is authentication if what is being
    authenticated is a lie?

    It seems to me that the associate was correct in concluding that
    .NET Windows applications are not and cannot be made secure
    and would be a foolish venture for developers not backed by a team
    of lawyers and plenty of cash.

    --
    <%= clintonG
            NET csgallagher@REMOVETHISTEXTmetromilwaukee.com
            URL http://www.metromilwaukee.com/clintongallagher/
    "Michel Gallant (MVP)" <neutron@istar.ca> wrote in message news:#KBTcdc5CHA.3248@TK2MSFTNGP11.phx.gbl...
    > First off, an item (whether it be a native exe, dll or .net assembly or java applet)
    > is digitally signed to provide *authentication* and integrity verification for the end
    > user.
    > It is not really about protecting the "digital asset ownership" of the application
    > itself.
    > You can probably do the same thing with a signed cab archive (i.e. extract the contents,
    > and repackage and sign with your own certificate, claiming you are the owner .. hence
    > constituting fraud!).
    >
    > It is up to the owner to ensure that they *trust* the digital certificate (and hence the
    > CA issuer)
    > of any application they receive that is signed.
    >
    > So this is not an issue with .net at all. It is a lack of understanding of what
    > the purpose of a digital signature is all about!
    >
    >  - Mitch
    >
    > "clintonG" <csgallagher@REMOVETHISTEXTmetromilwaukee.com> wrote in message
    > news:#E0fSwb5CHA.2400@TK2MSFTNGP11.phx.gbl...
    > > An associate claims windows applications developed with the
    > > .NET Framework are totally insecure with regard to maintaining
    > > digital asset ownership.
    > >
    > > His claim is based on an assertion that he can use ILDASM
    > > on a dll or an exe to expose the owner of the application,
    > > including the security certificate which can then be cut out and
    > > replaced with other credentials and re-assembled thereby
    > > making the application 'theirs.'
    > >
    > > How sound is his assertion?
    > > Comment on why or why not please.
    > >
    > >
    > > --
    > > <%= Clinton Gallagher
    > >          A/E/C Consulting, Web Design, e-Commerce Software Development
    > >          Wauwatosa, Milwaukee County, Wisconsin USA
    > >          NET csgallagher@REMOVETHISTEXTmetromilwaukee.com
    > >          URL http://www.metromilwaukee.com/clintongallagher/
    > >
    > >          LaGarde StoreFront 5 Affiliate: e-Commerce Software Development
    > >          SEE: http://www.storefront.net/default.asp?REFERER=-201499070
    > >
    >
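
The distinction argued in this thread, shown as an added example (not code from either poster): a signature that verifies only proves integrity under whatever key is embedded in the file, and the trust decision is a separate check of that key. The signature scheme is textbook RSA over small constructed primes, and the `PINNED` table, the names and the file contents are assumptions standing in for the certificate and CA trust the user would actually rely on.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA from two known primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the content, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class SignedFile:
    content: bytes
    subject: str     # name claimed in the embedded certificate
    modulus: int     # embedded public key
    signature: int

def sign(content, subject, n, d):
    return SignedFile(content, subject, n, pow(digest(content, n), d, n))

def signature_valid(f):
    """Integrity only: the content matches the signature under the embedded key."""
    return pow(f.signature, E, f.modulus) == digest(f.content, f.modulus)

def trusted(f, pinned):
    """Valid signature AND the embedded key is the one the user trusts for that subject."""
    return signature_valid(f) and pinned.get(f.subject) == f.modulus

# Constructed keys built from Mersenne primes (far too small for real use).
VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**61 - 1)
PINNED = {"Vendor Inc": VENDOR_N}  # hypothetical stand-in for the user's trust decision

original = sign(b"app v1.0", "Vendor Inc", VENDOR_N, VENDOR_D)
resigned = sign(b"app v1.0", "Someone Else", OTHER_N, OTHER_D)   # repackaged under another key
spoofed = sign(b"app v1.0", "Vendor Inc", OTHER_N, OTHER_D)      # claims the vendor's name
tampered = SignedFile(b"app v1.0 patched", "Vendor Inc", VENDOR_N, original.signature)

if __name__ == "__main__":
    cases = [("original", original), ("resigned", resigned),
             ("spoofed", spoofed), ("tampered", tampered)]
    for name, f in cases:
        print(f"{name:9} valid={signature_valid(f)} trusted={trusted(f, PINNED)}")
```

The re-signed and spoofed copies both carry a valid signature; only the check against the key the user already trusts tells them apart from the original.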
    
