Solved

encrypt c# code?

Posted on 2010-09-02
Last Modified: 2012-05-10
Dear experts,

Currently I have 3-4 web apps (ASP.NET). I have copied all the code [aspx + code-behind C#] onto the web server along with the web.config file.

Some of the C# pages as well as the web.config file have some database usernames & passwords in them.

I used the "publish" option and made DLL files out of the C# code. However, these DLL files are very easily readable just by opening them in Notepad.

What can I do so that my source code is completely unreadable to others?
I've heard about Dotfuscator but don't know how to use it or even whether it solves my purpose.

Kindly help.
Question by:RakeshBhandari
17 Comments
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
ID: 33586133
Can suggest you one thing.

Create the separate DLLs and include them in the Bin folder.
Call all the functions from this DLL and this will solve your problem.

For this you need to create the project of type "Class Library"

Hope this will help you
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33586149
There is a great MSDN article on the subject here
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx 
0
 
LVL 10

Expert Comment

by:Jini Jose
ID: 33586158
Use a web application instead of a website, then compile and put the aspx file and DLL. If you want to encrypt, then use Dotfuscator.
0
 
LVL 11

Expert Comment

by:madgino
ID: 33586166
There is really no 100% safe solution.

If you have VS, it comes with a limited free version of Dotfuscator. It's easy to use: you open the project with it and rebuild it again, this time compiled.

There are better solutions on the market (including the Dotfuscator full version) but all cost money, and in my opinion it isn't worth investing in this, as if you have a hacker wanting your code, probably after a while he'll be able to get it (considering he has access to the DLLs).

Of course it depends on how sensitive your code is for you.
0
 
LVL 2

Author Comment

by:RakeshBhandari
ID: 33586177
@Neilsr

yes, i read that... doesn't really provide a solution... just theories


@gmailjini

the DLLs are readable in notepad
0
 
LVL 2

Author Comment

by:RakeshBhandari
ID: 33586218
@madgino

thank you for your insight
but please guide me so that I can at least have as much security as possible [even though it may not be 100% foolproof]
0
 
LVL 7

Expert Comment

by:jdavistx
ID: 33586244
As far as I know, an obfuscation tool is your most likely route, but even then you're not guaranteed to prevent someone from analyzing your code, only to make it much more difficult for them.

I want to say I've read some article about moving all of your C# code to com objects, or something weird, and that was some way to further complicate someone's life were they to look around at your code.

In the end, though, you can't be guaranteed that no one will be able to snoop around, but you can make it a lot harder for them.  I would go with one of the many available (albeit not always free) obfuscators: http://msdn.microsoft.com/en-us/vcsharp/aa336818.aspx
0
 
LVL 11

Expert Comment

by:madgino
ID: 33586378
So the solution is to use one of the obfuscators available on the market; you have a list in the above post.
As for the quality of each, it's hard to tell; you should pick one based on your budget.
0
 
LVL 2

Author Comment

by:RakeshBhandari
ID: 33586470
i need encryption to hide my database connection strings
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33586719
If it's just a case of usernames and passwords, why don't you store that encrypted in the registry or a file or something? It would be harder to get hold of.
encrypting http://www.obviex.com/samples/Code.aspx?Source=EncryptionCS&Title=Symmetric%20Key%20Encryption&Lang=C%23
encrypting files http://support.microsoft.com/kb/307010
more samples http://www.example-code.com/csharp/encryption.asp


a professional tool to encrypt your code http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm
0
 
LVL 11

Accepted Solution

by:
madgino earned 2000 total points
ID: 33587362
Do you control the hosting server, can you run aspnet_regiis on it?
See here the details:
http://msdn.microsoft.com/en-us/library/ff650304.aspx
0
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
ID: 33587914
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33588114
"@Neilsr

yes, i read that... doesn't really provide a solution... just theories"

I beg to differ
Please READ THE WHOLE article. It is not JUST THEORIES. It gives you a walkthrough of how to use the Dotfuscator Community Edition with screenshots and menu keystroke explanations along the way.
BUT the theory is half the issue. If you don't understand what you are trying to do, you'll never do it properly.
 
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 33590127
gmailjini: Dotfuscator is an obfuscator, not encryption. If you use that for encryption for a business application you will have just opened yourself up for a world of hurt.

@RakeshBhandari, if you're trying to encrypt your database you can use System.Security.Cryptography

here is a good reference: http://www.obviex.com/samples/EncryptionWithSalt.aspx use something like Rijndael to encrypt the usernames and passwords using a salt and just have your program asp file decrypt them with the salt and password to decrypt.


Also for encrypting your connections you can also use SSLStream

http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
0
 
LVL 2

Author Comment

by:RakeshBhandari
ID: 33633612
@madgino

the aspnet_regiis solution seems favourable... but I'm using .NET 3.5
how do I go about doing it in my .NET version?
0
 
LVL 11

Expert Comment

by:madgino
ID: 33634807
No change, you use aspnet_regiis from .net 2.0, as .net 3.5 is just a layer added over 2
0
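The aspnet_regiis approach from the accepted answer, sketched as an added example that is not part of the original thread: it encrypts the `<connectionStrings>` section of web.config in place and then checks that no plaintext entries remain. The site path and worker-process account are assumed values, and the RSA provider with its default key container is one possible choice.

```powershell
# Added example, run in an elevated prompt on the web server.
# $SitePath and $AppPoolAccount are assumptions for illustration; adjust to the real site.
param(
    [string]$SitePath       = 'C:\inetpub\wwwroot\MyApp',
    [string]$AppPoolAccount = 'NT AUTHORITY\NETWORK SERVICE'
)

# .NET 3.5 runs on the 2.0 runtime, so the 2.0 copy of aspnet_regiis is used.
$regiis = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'
if (-not (Test-Path $regiis)) { throw "aspnet_regiis.exe not found at $regiis" }

$webConfig = Join-Path $SitePath 'web.config'
if (-not (Test-Path $webConfig)) { throw "No web.config under $SitePath" }

# -pef: encrypt the named section of the web.config found at a physical path.
& $regiis -pef 'connectionStrings' $SitePath -prov 'RsaProtectedConfigurationProvider'
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pef exited with code $LASTEXITCODE" }

# -pa: allow the worker-process account to read the default machine key container,
# otherwise ASP.NET cannot decrypt the section at run time.
& $regiis -pa 'NetFrameworkConfigurationKey' $AppPoolAccount
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pa exited with code $LASTEXITCODE" }

# Verify the result instead of trusting console output: the section must now carry
# a protection provider and an <EncryptedData> element, and no plaintext <add> entries.
[xml]$cfg = Get-Content $webConfig
$section = $cfg.configuration.connectionStrings
if (-not $section.configProtectionProvider -or -not $section.EncryptedData) {
    throw 'connectionStrings is still stored in plaintext'
}
if ($section.add) {
    throw 'Plaintext <add> entries remain next to the encrypted data'
}
Write-Output "connectionStrings protected by $($section.configProtectionProvider)"

# To reverse the change on the same machine:
#   & $regiis -pdf 'connectionStrings' $SitePath
```

Application code keeps reading `ConfigurationManager.ConnectionStrings` unchanged because ASP.NET decrypts the section transparently. Credentials hard-coded in code-behind files are not covered and have to be moved into this section first.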
 
LVL 2

Author Closing Comment

by:RakeshBhandari
ID: 33660010
thank you!
0
