Thread: Security Issue with C#

  1. 01-03-2008 #1
    abachler
    abachler is offline
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195

    Security Issue with C#

    There is a security issue with C# in that it is almost tivial to reverse compile the executable back into source code. There are several tools on the net that will do this. This makes it completely unsuitable for commercial development where the value of the IP is a major concern.
  2. 01-03-2008 #2
    CornedBee
    CornedBee is offline
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    And you felt it necessary to create a thread for this?

    1) There are code obfuscators that make it very difficult to recover code that you can learn from.
    2) All code can be reverse engineered. With CIL it's just a bit easier.
    3) If you really have IP in your code that you feel is unsuitably protected by copyright laws, you can't distribute it to users. Make it a web service running on a server you control.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law
  3. 01-04-2008 #3
    nvoigt
    nvoigt is offline
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    The client is in the hands of the enemy.

    If you don't want parts of your code reverse engineered, don't give it away. That simple. And it's the same for any programming language. Is it easier with .NET ? Yes. But who cares. If it's worth being reverse engineered, it will be done, even if you write it in hand optimized and obfuscated ASM. Don't give users access to the parts you want to keep secret. In any language.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.
  4. 01-04-2008 #4
    abachler
    abachler is offline
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    Quote Originally Posted by CornedBee View Post
    And you felt it necessary to create a thread for this?
    Sure why not. Its a concern. The fact is that C# is far easier than other languages to reverse engineer. Obfuscation can't be used for performance critical code, as it tends to muck up the optimizations.
  5. 01-05-2008 #5
    nvoigt
    nvoigt is offline
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    I like C# or .NET, but I'd go as far as saying C# can't be used for performance critical code. If you have super secret performance critical code, write a C/C++ DLL and put it on the server side.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. float calculation issue
    By George2 in forum C# Programming
    Replies: 1
    Last Post: 05-26-2008, 04:56 AM
  2. type safe issue
    By George2 in forum C++ Programming
    Replies: 4
    Last Post: 02-12-2008, 09:32 PM
  3. Sockets, multi home, multicast, security, complicated issue
    By ekymk in forum Networking/Device Communication
    Replies: 6
    Last Post: 08-13-2004, 02:12 AM
  4. Security on automated home
    By stimpyzu in forum A Brief History of Cprogramming.com
    Replies: 4
    Last Post: 04-11-2004, 01:14 AM
  5. Painfully true but funny...
    By shaik786 in forum A Brief History of Cprogramming.com
    Replies: 8
    Last Post: 04-01-2003, 03:39 PM