Security and secure code isn't about hiding stuff. Its about a sound process and data flow. Concentrate on that instead of trying to make the runtime do something it was never designed to handle.
In defense of the original question, here's a real world situation I have had to deal with:
I am involved in commercial software that has an extremely small market, but the software is very valuable (i.e. pricey). Thus, each purchase of the software is very important, and it is critical that copies of the software cannot be freely made. We use various technological techniques to prevent unauthorized copying, in a variety of natively compiled languages.
However, none of these techniques would be practical under .NET, as it would be trivial to circumvent any copy protection scheme that I know of implemented in .NET (putting aside obfuscation). Without a copy protection scheme, venturing into a .NET version of our software could mean the end of new sales of the software.
So, as much as I would like to be developing that software with C#, under our current business model it is a prohibitively risky move to do so. So far, a middle ground for .NET languages has seemed a theoretical impossibility. Nothing is impossible, though. Maybe someone has some ideas on how to achieve a middle ground.
(I'm sure someone will be tempted to suggest we change our business model, or open-source the software...)
-- - Joshua Tauberer
http://taubz.for.net
** Nothing Unreal Exists **
_______________________________________________ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
