[Mono-list] Security Q

Sébastien Pouliot spouliot@videotron.ca
Wed, 08 Sep 2004 14:37:45 -0400

Hello Paul,

First you can make it (somewhat) harder but you can't stop anyone to
decompile your application (at least if they have the executable on their
machine), no matter how it is compiled.

Bytecode makes it easier to decompile and understand the code. So some
people sells obfuscators (easiest way) to make it harder (not impossible, or
even really harder) to decompile/understand an assembly. But that won't stop
someone *willing* to know what's inside your application.

Safest way is keeping your program to yourself (or trusted tiers) like
keeping its *valued* logic on a server and calling it as a web service. Then
you have moved your problem to securing that server ;-)


Sebastien Pouliot
home: spouliot@videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html

-----Original Message-----
From: mono-list-admin@lists.ximian.com
[mailto:mono-list-admin@lists.ximian.com]On Behalf Of PFJ
Sent: 8 septembre 2004 12:35
To: mono
Subject: [Mono-list] Security Q


What command while compiling my source code do I need to pass to mcs so
that the compiled code is not readable? I know there is a way to reverse
engineer C# code by looking at the bytecode and want to prevent someone
from doing this for a small security program I'm writing.


"If I face my God tomorrow, I can tell Him I am innocent.
I've never harmed anyone. I have cheated no one.
I have deceived no one. I have hurt no one.
Except myself. And that He will forgive me." - Hans Holzel