I wrote a program (using pure 3.5) in vb.net 2008. This is a decent size program. Part of this program is to use an online database and encrypt / decrypt files. I use a hardcod password to access DB. I used a hardcoded key for encrypt / decrypt files. Regardless of what happens, I will need to hardcode one of at least two things. For example: Even if I store the database password in an encrypted file, I would need a hardcode key to decrypt it, I or vice versa.
So after thinking about something I thought that I need to obscure my code so that at least these harsh elements / values are not easily visible. In order to actually test, I used a program to isolate my program. And in my amazement, it showed me every line of code in my program. I felt like my entire code has been pasted in my exe.
This way I need to obscure my code. I do not need very advanced settings. My program is not in top shareware programs or super popular, which I need very high security but I need adequate security so that my original code, variables and sensitive information (password etc.) do not appear.
Please help me choose a good ombudsman who will do the job. It should not be too tedious to use and should be enough for me plus it should be reliable and safe. I mean, I do not want to blur it after my application crashes or becomes unstable.
I downloaded the test of pure reactor from Ezraj and it looks fine. What do you guys suggest? If I can not do anything more than $ 200 then you are going for the value of this product, you know better
Thank you for your support.
Cheers, Saurabh
Chaos can not solve this problem. An attacker may change his hosts file to redirect to the domain that controls the domain name, when you login, it will get the user name / password.
Another attack will be to use the debugger, such as getting the username / password in the memory. Before using the username / password should be in the clear text, and an attacker will be able to find it.
Ever never work, you will never be able to control the customer.
A better method is to prepare your database operations to setup a SOAP (WCF) server. The logic should be server-side to build the questions. Assume that an attacker has full access to any of the tasks you reveal by SOAP.
Comments
Post a Comment