Curious.... say that each method checked a class-wide global variable to see if it could run. Now, this global variable would be set to true, if the user had successfully authenticated himself.
Even with ILDasm, there wouldn't be anyway to change the value of the variable at all, as long as the assembly was signed with a strong name key, correct? Would this provide enough protection? I'm sure the other ways mentioned are better, but I'm just curious if this would work, or is it still "hackable" by changing the MSIL? Brian -----Original Message----- From: Joe Reich [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 3:05 PM To: [EMAIL PROTECTED] Subject: Re: [DOTNET] Howto secure class libraries <grin> That's why I said keep honest people honest. I maintain that 99% of users don't even bother, and 90% of that last 01% will give up when they see they cannot immediately use it 'out of the box'. Of course that leaves that .01% of people that will find a way. How important is it to protect the software against those .01% of users and is it worth the TCO to protect it. Not saying it isn't worth it, I just always ask how 'worth it' is it for the required cost. Although it doesn't sound like your option is much more 'costly' than anything else...so nevermind. > -----Original Message----- > From: Jason Bock [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 22, 2002 2:36 PM > To: [EMAIL PROTECTED] > Subject: Re: [DOTNET] Howto secure class libraries > > >On Mon, 22 Apr 2002 14:26:15 -0400, Joe Reich > ><[EMAIL PROTECTED]> wrote: > > > >Create each class with a password as part of > >the constructor? > > > >Really, you're only trying to keep the honest > >people honest here, right? > >How super effective does this have to be..? > > That's too easy to break via ILDasm (assuming that > the client has that installed, but all it would take > is one clever user :) ). I think if Peter strong-named > the EXE and then did a LinkDemand in the DLL on that strong-name that > should be enough. Assuming that the private key is kept secure on > Peter's box (or whatever box builds are done on, etc.), no other > client should be able to access the DLL except the EXE. > > Regards, > Jason > You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
