Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 766
  • Last Modified:

encrypt c# code?

dear experts,

currently i have 3-4 web apps (asp.net) . i have copied all the code [aspx + codebehind c#] onto the webserver alongwith the web.config file.

some of the c# pages as well as the web.config file has some database usernames & passwords in them.

i used "publish" option and made dll files out of c# code. however, these dll files are very easily readable just by opening them in notepad.

what can i do so that my source code is completely unreadable to others?
i've heard about dotfuscator but don't know how to use it or even whether it solves my purpose.

kindly help.
0
RakeshBhandari
Asked:
RakeshBhandari
  • 5
  • 4
  • 2
  • +5
1 Solution
 
Amandeep Singh BhullarCommented:
Can suggest you one thing.

Create the seperate DLL's include it in the Bin Folder.
Call all the functions from this DLL and this will solve your problem

For this you need to create the project of type "Class Library"

Hope this will help you
0
 
Neil RussellTechnical Development LeadCommented:
There is a great MSDN article on the subject here
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx 
0
 
Jini JoseSenior .Net DeveloperCommented:
use web application instead of website. then compile and put aspx file and dll.  if you want to encrypt , then use dotfuscater.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
madginoCommented:
There is really no 100% safe solution.

If you have VS it comes with a limited free version of dotfuscator, it's easy to use, you open the project with it and rebuid it again, this time compiled.

There are better solutions on the market (including dotfuscator full version) but all costs money and in my opinion it desn't worth to invest in this as if you have a hacker wanting your code probably after a while he'll be able to get it (considering he's having access to the dlls).

Ofcourse it depends on how sensitive is your code for you.
0
 
RakeshBhandariAuthor Commented:
@Neilsr

yes, i read that... doesn't really provide a solution... just theories


@gmailjini

the DLLs are readable in notepad
0
 
RakeshBhandariAuthor Commented:
@madgino

thank you for your insight
but please guide me so that i can atleast have as much security as possible [even though it may not be 100% foolproof]
0
 
jdavistxCommented:
As far as I know, an obfuscation tool is your most likely route, but even then you're not guaranteed of preventing someone analyzing your code from but only making it much more difficult for them.

I want to say I've read some article about moving all of your C# code to com objects, or something weird, and that was some way to further complicate someone's life were they to look around at your code.

In the end, though, you can't be guaranteed that no one will be able to snoop around, but you can make it a lot harder for them.  I would go with one of the many available (albeit not always free) obfuscators: http://msdn.microsoft.com/en-us/vcsharp/aa336818.aspx
0
 
madginoCommented:
So the solution is to use one of the obfuscators available on the market, you have a list in above post.
As for quality of each it's hard to tell you should pick one based on your budget.
0
 
RakeshBhandariAuthor Commented:
i need encryption to hide my database connection strings
0
 
rockiroadsCommented:
if its just a case of usernames and passwords why don't you store that encrypted in the registry or a file or something, would be harder to get hold off
encrypting http://www.obviex.com/samples/Code.aspx?Source=EncryptionCS&Title=Symmetric%20Key%20Encryption&Lang=C%23
encrypting files http://support.microsoft.com/kb/307010
more samples http://www.example-code.com/csharp/encryption.asp


a professional tool to encrypt your code http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm
0
 
madginoCommented:
Do you control the hosting server, can you run aspnet_regiis on it?
See here the details:
http://msdn.microsoft.com/en-us/library/ff650304.aspx
0
 
Amandeep Singh BhullarCommented:
0
 
Neil RussellTechnical Development LeadCommented:
"@Neilsr

yes, i read that... doesn't really provide a solution... just theories"

I beg to differ
Please READ THE WHOLE Article. It is not JUST THEORIES. It gives you a walkthough of how to use the Dotfuscator Community Edition with screen shots and menu keystroke explinations along the way.
BUT the theory is half the issue. If you dont understand what you are trying to do, you'll never do it properly.
 
0
 
Russell_VenableCommented:
gmailjini: DotFiscator is a obfiscator not encryption. If you use that for encryption for a business application you will have just open yourself up for a world of hurt.

@RakeshBhandari, if your trying to encrypt your database you can use System.Securtiy.Cryptography

here is a good reference: http://www.obviex.com/samples/EncryptionWithSalt.aspx use something like Rijndael to encrypt the usernames and passwords using a salt and just have your program asp file decrypt them with the salt and password to decrypt.


Also for encrypting your connections you can also use SSLStream

http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx







0
 
RakeshBhandariAuthor Commented:
@madgino

the aspnet_regiis soln seems favourable... but im using .net3.5
how do i go on about doing it in my .net version?
0
 
madginoCommented:
No change, you use aspnet_regiis from .net 2.0, as .net 3.5 is just a layer added over 2
0
 
RakeshBhandariAuthor Commented:
thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now