I have a desktop application developed in C#.NET, with an encrypted database.
The encryption password is hard coded in the application code.
How can I hide this password, since the code can be accessed through
a .net disassembler?
Maybe obfuscate the code could be a solution, but how do I create a setup for the application with the obfuscated code, because every time I rebuild the setup, a brand new .exe is created and the code is never obfuscated.
I hope someone knows how to get around this.
My suggestion is to not do this and here's why: SCADA
You definitely want to look into some for of encryption, some professional obfuscators will encrypt string information in an assembly as well.
Related
I have a simple question in which I couldn't find an exact answer to, that question being:If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?And if so, how can I protect my webpage's source code from being stolen/dumped/reverse engineered?
Please if you do know anything about this, as many replies as possible would be greatly appreciated! Thank you guys so very much, even if you just give me an idea on this topic! :)
Are you talking about a corporate user or a regular user?
Someone accessing your website from a web browser, like a standard user can not access your aspx/cs server side code. However if you are talking about a corporate user, if they browse to your web server and have access to your inetpub\wwwroot directory (or wherever your source resides) they have full read or maybe even write access. It all depends on the type of user, and the user security system in place for your domain, whether the person trying to get in is part of your domain and has proper privileges on your server. Also some client side scripts are exposed to user's as well.
So as far as server side scripts, users not part of your domain, and stringent security settings on your web server, are all factors contributing. But I think you mean in the context of a user just trying to access code from the web browser without any additional permissions. Which in this case would be no.
Not a complete answer but your C# code will be better protected if you use a Web Application rather than a Web Site. Your C# code will be compiled so even with an FTP access (or a direct access to the production server, if you suspect an inside threat), one won't be able to download your .cs files. Of course, one can download .dll and reverse engineer but that's something.
Read more about Web Apps vs Web Sites here : http://msdn.microsoft.com/en-us/library/dd547590.aspx
To the best of my knowledge there is not a way for someone to steal your asp code unless you allow them to see the file itself. If you view source you will see that the majority of the asp code has been changed either to html or javascript.
If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?
Yes it is, there just to many ways how this can happen, vulnerability in the hosting environment, IIS exploit, your code allowing to download things etc. Just accept that your libraries (I assume they are compiled by the time you deploy) will be downloaded and protect them accordingly.
How can I protect my webpage's source code from being stolen/dumped/reverse engineered?
You cannot have an ultimate protection, but you may make life complicated for the person trying to reverse engineer it. Probably the most effective solution is to use code obfuscation. You may also want to read more general documentation on this topic, such as Design Guidelines for Secure Web Applications.
Does anyone know good sample code, using ASP.net security, that sets up a sample Visual Studio 2010 application, along with a log in page, and the logic/code to verify users who sign up via email? I feel like this must have been written thousands of times.
I will give you the URL that I started with. You can go form that to a different approach if you like but that is well explained and you can understand what you need to do:
http://forums.asp.net/post/1860807.aspx
please notice that the example there is old and you will need some ADO.NET understanding but the idea is the same
I'm trying to make a password protected project in Visual Studio 2010. Is there an option in Visual Studio to protect the project folder from being accessed without a password or something?
I need this to protect my projects from other nosy people, or an external program of some sort.
Thanks!
As far as I know, there is no an option like this.
Anyway, protecting a folder with a password is a really bad idea because brute forcing it could be really easy.
I suggest you use TrueCrypt to create a protected storage and use that like container, mounting it when you need and dismounting it when you're not sitting in front of your PC.
You can not do that inside Visual Studio, but what you can do like a possible solution if I right understood your trouble is use of source control.
Push your code in some source control (there are a lot of free of them) and even if something goes wrong (for 1000 possible reasons) you always will have a possibility to investigate history of issue and roolback unnecessary changes back.
Commits to source control can be protected by your password, instead.
Hope this helps.
Informative
I'm working on a project that loads a binary file from the disk. This file has a specific structure to store data and I need to protect this file from being loaded if the data was generated/tampered by third parties.
Resume
I have a file that I must check if the "creator" is me before loading.
Project Specification
The application that loads the file is written in C++.
The application that generates the file is written in C#.
Question
What are my options to accomplish this?
What libraries/algorithms to use?
Can you provide me some steps or guides?
Notes
I have Crypto++ linked to the C++ project if it helps.
What you are looking for is a signing/certifying system wirth asymetric keys. The functionality is built in .Net. A Quick google search shows this example which looks legit.
Keep in mind though, that if you don't have the full control of the certification process (if your application is on a client's computer), someone might decompile the code to bypass the check.
quickly like that i would take a look at LZMA SDK since the SDK support c++ and C# and just compress/encrypt the file
maybe there is a better solution, but this would be my first try
I have an asp.net web application. I don't have the source code. The bin contains 10 assemblies and a .compiled file. I used Reflector on the App_Code.dll and it shows me classes and namespaces and stuff, but its such a mess.
Is there any way to reverse engineer this web app that won't take weeks/months to unfold? The application is pretty basic.
Note, the code is written by an engineer that left the company. We own the product.
With reflector you can save the reflected code out to a project which you can load up in Visual Studio. It´s probably your best choice.
What you see is what you get and you just have to wade thru it in order to understand what´s going on in the program. Reading code is no free lunch.
Unfortunately if you don't have the source code, you have one of 3 options:
Reflector
Rewrite
Sue the original dev to give you the source code that you own (IANAL, so YMMV)