Re: Application security
From: Nicole Calinoiu (nicolec_at_somewhere.net)
Date: 05/19/04
- Previous message: Mike001: "RE: unstoppable windows service"
- In reply to: anonymous: "Application security"
- Next in thread: anonymous: "Re: Application security"
- Reply: anonymous: "Re: Application security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 May 2004 21:16:34 -0400
<anonymous> wrote in message news:uhWvLaOPEHA.3988@tk2msftngp13.phx.gbl...
> Hi,
>
> I have some questions regarding security in .NET.
> For customers, I have made an application in C#; an exe and some dlls.
>
> - to prevent user from using my dlls directly, a good solution seems to
> use
> strong name.
Demanding a StrongNameIdentityPermission that corresponds to your own code's
strong name will help you with this goal. Simply assigning strong names to
your own assemblies will not.
> It works fine in samples but I have problems to integrate
> strong name when dll have external references like Interop.SHDocVw...and
> in
> this case AllowPartiallyTrustedCallersAttribute doesn't work...
> Is there a solution ?
What exactly is the problem? Assigning strong names to your assemblies is
not, in and of itself, sufficient to prevent them from running with full
trust. Is the problem that you want your assemblies to run with reduced
permissions and still call managed COM wrappers? Or is the problem that
you've somehow reduced the permissions granted to your assemblies and you
want to have them run with full trust?
>
> - Moreover some dlls are unmanaged C++. Does it exist strong name
> technique
> for them ?
Which DLLs? The ones you want to protect or the ones from which you want to
protect your own strongly named assemblies?
>
> - I want to obfuscate my assemblies. I try Dotfuscator in VS .NET 2003.
> Works fine except when
> strong names are used !
You need to delay sign your assemblies if you are going to obfuscate them
after compilation. Otherwise, the obfuscation process will invalidate the
load-time integrity check performed by the CLR. There is a Dotfuscator FAQ
covering this topic on the PreEmptive support site.
> And it is not a very good solution to hide code. Is there some other
> techniques to protect dlls,
> like native code generation or other stuffs ?
If you don't like the Dotfuscator Community Edition included with
VStudio.NET, there are quite a few commercial products that you might find
more acceptable, including at least one that claims to convert to native
format. Most vendors also offer some sort of trial that would allow you to
evaluate the products yourself.
>
> - I want to manage demo and customers version with license key policy. I
> download some demo of
>
> exe-protector (like PELock). But it seems not working with C# code or dll,
> even when I disable most of options... Which tool can I use ? Are there
> some
> other solution ?
The .NET framework includes some licensing functionality (see
http://windowsforms.net/articles/Licensing.aspx for an introduction). If
you would prefer to use a packaged solution, you might find Aspose.License
(http://www.aspose.com/Products/Aspose.License/) acceptable, particularly
given that you can use it for free if you don't about receiving product
support.
- Previous message: Mike001: "RE: unstoppable windows service"
- In reply to: anonymous: "Application security"
- Next in thread: anonymous: "Re: Application security"
- Reply: anonymous: "Re: Application security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
