Solved

encrypt c# code?

Posted on 2010-09-02
17
731 Views
Last Modified: 2012-05-10
dear experts,

currently i have 3-4 web apps (asp.net) . i have copied all the code [aspx + codebehind c#] onto the webserver alongwith the web.config file.

some of the c# pages as well as the web.config file has some database usernames & passwords in them.

i used "publish" option and made dll files out of c# code. however, these dll files are very easily readable just by opening them in notepad.

what can i do so that my source code is completely unreadable to others?
i've heard about dotfuscator but don't know how to use it or even whether it solves my purpose.

kindly help.
0
Comment
Question by:RakeshBhandari
  • 5
  • 4
  • 2
  • +5
17 Comments
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
Comment Utility
Can suggest you one thing.

Create the seperate DLL's include it in the Bin Folder.
Call all the functions from this DLL and this will solve your problem

For this you need to create the project of type "Class Library"

Hope this will help you
0
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
There is a great MSDN article on the subject here
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx
0
 
LVL 10

Expert Comment

by:Jini Jose
Comment Utility
use web application instead of website. then compile and put aspx file and dll.  if you want to encrypt , then use dotfuscater.
0
 
LVL 11

Expert Comment

by:madgino
Comment Utility
There is really no 100% safe solution.

If you have VS it comes with a limited free version of dotfuscator, it's easy to use, you open the project with it and rebuid it again, this time compiled.

There are better solutions on the market (including dotfuscator full version) but all costs money and in my opinion it desn't worth to invest in this as if you have a hacker wanting your code probably after a while he'll be able to get it (considering he's having access to the dlls).

Ofcourse it depends on how sensitive is your code for you.
0
 
LVL 2

Author Comment

by:RakeshBhandari
Comment Utility
@Neilsr

yes, i read that... doesn't really provide a solution... just theories


@gmailjini

the DLLs are readable in notepad
0
 
LVL 2

Author Comment

by:RakeshBhandari
Comment Utility
@madgino

thank you for your insight
but please guide me so that i can atleast have as much security as possible [even though it may not be 100% foolproof]
0
 
LVL 7

Expert Comment

by:jdavistx
Comment Utility
As far as I know, an obfuscation tool is your most likely route, but even then you're not guaranteed of preventing someone analyzing your code from but only making it much more difficult for them.

I want to say I've read some article about moving all of your C# code to com objects, or something weird, and that was some way to further complicate someone's life were they to look around at your code.

In the end, though, you can't be guaranteed that no one will be able to snoop around, but you can make it a lot harder for them.  I would go with one of the many available (albeit not always free) obfuscators: http://msdn.microsoft.com/en-us/vcsharp/aa336818.aspx
0
 
LVL 11

Expert Comment

by:madgino
Comment Utility
So the solution is to use one of the obfuscators available on the market, you have a list in above post.
As for quality of each it's hard to tell you should pick one based on your budget.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Author Comment

by:RakeshBhandari
Comment Utility
i need encryption to hide my database connection strings
0
 
LVL 65

Expert Comment

by:rockiroads
Comment Utility
if its just a case of usernames and passwords why don't you store that encrypted in the registry or a file or something, would be harder to get hold off
encrypting http://www.obviex.com/samples/Code.aspx?Source=EncryptionCS&Title=Symmetric%20Key%20Encryption&Lang=C%23
encrypting files http://support.microsoft.com/kb/307010
more samples http://www.example-code.com/csharp/encryption.asp


a professional tool to encrypt your code http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm
0
 
LVL 11

Accepted Solution

by:
madgino earned 500 total points
Comment Utility
Do you control the hosting server, can you run aspnet_regiis on it?
See here the details:
http://msdn.microsoft.com/en-us/library/ff650304.aspx
0
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
Comment Utility
0
 
LVL 37

Expert Comment

by:Neil Russell
Comment Utility
"@Neilsr

yes, i read that... doesn't really provide a solution... just theories"

I beg to differ
Please READ THE WHOLE Article. It is not JUST THEORIES. It gives you a walkthough of how to use the Dotfuscator Community Edition with screen shots and menu keystroke explinations along the way.
BUT the theory is half the issue. If you dont understand what you are trying to do, you'll never do it properly.
 
0
 
LVL 15

Expert Comment

by:Russell_Venable
Comment Utility
gmailjini: DotFiscator is a obfiscator not encryption. If you use that for encryption for a business application you will have just open yourself up for a world of hurt.

@RakeshBhandari, if your trying to encrypt your database you can use System.Securtiy.Cryptography

here is a good reference: http://www.obviex.com/samples/EncryptionWithSalt.aspx use something like Rijndael to encrypt the usernames and passwords using a salt and just have your program asp file decrypt them with the salt and password to decrypt.


Also for encrypting your connections you can also use SSLStream

http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx







0
 
LVL 2

Author Comment

by:RakeshBhandari
Comment Utility
@madgino

the aspnet_regiis soln seems favourable... but im using .net3.5
how do i go on about doing it in my .net version?
0
 
LVL 11

Expert Comment

by:madgino
Comment Utility
No change, you use aspnet_regiis from .net 2.0, as .net 3.5 is just a layer added over 2
0
 
LVL 2

Author Closing Comment

by:RakeshBhandari
Comment Utility
thank you!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Please explain: Aspect Oriented Programming 2 51
ASP.Net Session State alternatives 3 26
Image(7) 1 33
ConsoleSql 1 14
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now