|
Well most of what you describe is the algorithm's used in SSL/TLS. For example creating a random master key to exchange the sym keys for the current session.
-
Drew
|
|
|
|
|
What came in mind first: JBuilder, IntelliJ IDEA. Theese are Java applications, but Java can be decompiled as easily, as .NET managed code.
|
|
|
|
|
authorization user/pass and configuration data shouldn't be in the source code in the first place, but in a separate data store. This data store should be encrypted if the information is sensitive.
However I agree with your commercial product comment - you don't want your competition getting ideas from your code. However I doubt many companies with the long term in mind would risk decompiling copyrighted software and using any part of it in their products.
I have to agree with the other comment above (by zlossik) - in line with my original comment - that the *support* is the valuable part, and the original developers are in the best position to do this.
|
|
|
|
|
Ashley van Gerven wrote:
authorization user/pass and configuration data shouldn't be in the source code in the first place, but in a separate data store. This data store should be encrypted if the information is sensitive.
even the user/password not in the source code, the way you retreive it, I can doing the exact way to get them by going through part of your source code. also I can create a small project directly call to your fuction to get them. am I right?
eric feng
|
|
|
|
|
yes you're right... you could use the source to find out how to retrieve the sensitive data.
|
|
|
|
|
For a determined person it's not very hard to explore the compiled code too (lots of keygens and cracks around the net). Hiding such things behind assembler code complexity and relying on it does't solve security problems. It seems to me we shouln choose another way to build truly secure products
|
|
|
|
|
I agree with you, there is no true secure method to block the determined person for now.
but, in .net windows application ANYONE can easily crack the security or keygen in few hours or even less.
eric feng
|
|
|
|
|
No objections. I don't want to say that it's not a problem, it is a problem and we should take it into account when making decisions. My main point was that any decisions must be carefully thought out, and my opinion is that ease of decompiling shouldn't be the only reason for not using managed code.
|
|
|
|
|
It's not only user/password or hardcoded data. Whenever a customer wants the source, he can have it, but for 5-10 times bigger charge. Most if not all of the bigger tech companies have nothing better to do than to analyse your work and use it, so I am out of business after the first project, no matter how good or fast development and support were. I once even had to give support for my source that was used in a different project (which I discoverd later).
Source code means the knowledge how to handle something, so if someone wants it, he has to pay me for. Sorry for that, but I been screwed more than once.
I'm happy for codeproject and all the good stuff in here, I use a lot that and have no problem of sharing information with you. I only dislike people that (ab)use you as a consultant and pay you as a programmer.
|
|
|
|
|
DiWa wrote:
Source code means the knowledge how to handle something
I have to agree with that; if your code gives your competition a quick answer to something that took you any length of time, then you lose any edge you might have had. Then rebuilding your idea in new code could hardly be linked back..
DiWa wrote:
use you as a consultant and pay you as a programmer
funny you should mention that... kindof finding myself in this situation these days
|
|
|
|
|
eric feng wrote:
Anyone worry about your source code?
You mean my company's source code
My programming blahblahblah blog. If you ever find anything useful here, please let me know to remove it.
|
|
|
|
|
Yes. Give me your EXE or DLL, I give you back with your source code in 2 minutes.
eric feng
|
|
|
|
|
This is exactly why the .NET craze never got a hold of me.
Removed... Too many questions
|
|
|
|
|
You can obfuscate your code using one of the many tools, or you can sell your source code along with your product so it's a moot point, or you can make it so that it's not the application that's important but rather the data, or if you feel someone's stealing your IP then you can decompile their app and take a look yourself.
cheers,
Chris Maunder
|
|
|
|
|
Chris Maunder wrote:
You can obfuscate your code using one of the many tools
I tested Dotfuscator, it is not a easy work for a programming team and multiple projects sharing all DLLs and more...; the time saved on .NET then wasted on obfuscate.
Chris Maunder wrote:
you can sell your source code along with your product so it's a moot point, or you can make it so that it's not the application that's important but rather the data
Do you mean .NET means open source? if the anwser is positive, how can I not to give up .NET!!!
Is .NET another Java?
eric feng
|
|
|
|
|
just release it open source... that way you're guaranteed that no one will ever decompile or look at your code.
/bb|[^b]{2}/
|
|
|
|
|
There are some things I'm really looking forward to with C# 2.0--generics, partial types, anonymous methods and iterator blocks.
As to .NET 2.0, I think the thing that interests me the most is potential performance improvements especially in reflection.
Marc
MyXaml
Advanced Unit Testing
|
|
|
|
|
Generics are really a feature of .NET CLI, not C# in particular.
My programming blahblahblah blog. If you ever find anything useful here, please let me know to remove it.
|
|
|
|
|
Not to downplay generics at all, but I've found anonymous methods almost more useful than generics, especially when writing code that needs to manipulate a WinForms control on its original thread, or doing callbacks and asynchronous code. Very, very useful addition to the language IMO.
Additionally, as part of .NET 2.0, Windows Forms has undergone a big overhaul, with a lot of good stuff including skinnable menus, new controls like ToolStrip, MenuStrip, SplitContainer, rafting controls, DataGridView, just to name a few.
Any remotely useful information on my blog will be removed immediately. There are 10 kinds of people in the world. Those who have heard of the ubiquitous, overused, worn-out-like-an-old-shoe binary "joke" and those who haven't.
Judah Himango
|
|
|
|
|
... has to be at least "slightly interested". Even if you don't have any immedate plans on upgrading, one of your customers might, and you may find your 1.0 and 1.1 .NET apps running on the 2.0 framework. Yes, I believe it is supposed to be backwards compatible, but everyone knows there's always something that changes...
IIRC, a machine can only have one version of the .NET framework running at a time. Is this true, and will it still be true with version 2.0 (e.g., to run .NET 2.0, you have to upgrade, you can't have 1.1 and 2.0 running side by side, for instance)?
An expert is somebody who learns more and more about less and less, until he knows absolutely everything about nothing.
|
|
|
|
|
>IIRC, a machine can only have one version of the .NET framework running at a time
Maybe I am wrong but I think you are wrong. Certainly with ASP.NET you can have one code-base targteting v1.0 and another targetting v1.1 on the same machine at the same time.
I believe this to be true for WinForm apps too, though I have little experience in that area.
Also right now on my machine I have v1.0, v1.1 and the BETA of v2.0 running with different ASP.NET sites using the different versions. You can actually set directives in the web.config to tell the app what version to use.
3 Leaf seems to indicate likewise.
(And if you weren't making a statement but were rather asking a question, then apologies, I am unsure about your phrasing.)
regards,
Paul Watson
South Africa
Michael Dunn wrote:
"except the sod who voted this a 1, NO SOUP FOR YOU"
Crikey! ain't life grand?
|
|
|
|
|
Yeah, it was kind of both. I was in a sense wondering if there could actually be more than one .NET Framework running on the same machine at the same time. So with what you said, it appears you can. That is a good thing.
An expert is somebody who learns more and more about less and less, until he knows absolutely everything about nothing.
|
|
|
|
|
Navin wrote:
if there could actually be more than one .NET Framework running on the same machine
I accidently made this discovery! I happened to install .net 1.1 n then went on to install VS.NET (Not 2003). It began complaining that .net framework was not installed. So I installed 1.0 and things really came out fine.
Thus I ended up with the cheapest solution to the problem: Install 1.1 as well as 1.0 (Actually 1.1 is used only for my RSS Bandit - No other use for that!)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
As you guys ended up in the conclusion:
Yes, any number of the .NET framework can run side-by-side on a machine. Any application can be reconfigured or better said, 'redirected' to various versions of assemblies, including the .NET framework class library.
RGab
|
|
|
|