Clever Geek Handbook

Is it safe to use a DLL for the core logic of your .NET application?

If the user knows almost anything about coding in .net and they see the .dll, they have the unfortunate opportunity to call your public functions and routines. I know you can try a "key" system where it will check for a specific "key" as an argument and only run the code if the "key" is valid, but I just ran the code and dlls that I and when the .dll threw unhandled exception, it showed me the contents of the file.

How can you protect your DLLs? If you only put code in which you are willing to take the risk?

+2


source to share


4 answers


Nevermind calls existing methods, etc. Reflector decompiles the code!



Obfuscation will get you there so far, but to protect your critical IP, you need to host it on a secure server that you manage.

+9


source


Remember, there is no difference between a .NET DLL and an EXE when it comes to decompilation or reuse in other applications.

Your question assumes that putting all your code in an executable is somehow safer, this is a big misconception.

Both are assemblies, so it is equally easy to instantiate and use the public types in the executable as it is with an assembly DLL. (As an example, in Visual Studio, navigate to: Add Link, Browse, and then note that "exe" is a valid component to link.)



So the question is really more general: is it safe to deploy .NET assemblies of any type to your clients? As the other answer says, the only guaranteed safe approach is not deploying at all, but building on your own server (like developing a web application).

Obfuscation will not force someone to access your code, just make it harder (for a while) so that they understand it.

+3


source


I'm going to work around the actual question you asked in order to quickly point you in the direction you need to go.

You need to look into obfuscation.Net. Here's a good post from someone else asking basically the same question, but in different terms:

.NET obfuscation tools / strategy

Edit - Added

Here is a good article on the problem you are asking for.

http://aspnet.4guysfromrolla.com/demos/printPage.aspx?path=/articles/080404-1.aspx

And @Mitch Wheat is right. Obfuscation will get you so far. But this is the beginning. If you are going to redistribute your dlls, you need to get used to the idea that someone is tough enough to hack them.

+1


source


A little question

Whether it is a C # application or application (Windows Forms / command line).

If it is a web application, you can put the logic you want to hide in a web service hosted at some other URL that is not publicly available.

Also if it is a Windows application, you can still obfuscate the dll. But remember, you can make it harder for hackers to decompile, but not impossible. I also had a similar question in the link below.

How to prevent decompilation of any C # application

You have to weigh the benefits of decompilation over business gains by hiding / leaving the code as it is.

Hope it helps.

+1


source






More articles:


All Articles