[Mono-list] Security Madness

Matthew Metnetsky met@uberstats.com
Wed, 19 Jan 2005 11:36:26 -0500


I have one assembly, that when compiled is no more than 11kb's, but it
contains code that manages our Universities authentication plus some
more annoying things.  I've been asked to find a way to obfuscate this
assembly my any means necessary.

I've thought of a couple ways, which all seem like pure madness.  What
do you all think?

1) Maintain an encrypted copy of the assemblies CIL code that is
reachable via Http for quick download and compilation.  Every time the
application started it would grab the file, descrypt, and compile into
the current AppDomain.

2) Similar to the previous option... maintain an encrypted copy of each
file that makes up the assembly for retrieval and compilation into the
current AppDomain.

3) rewrite the entire assembly so that it's generated real time by a
Codedom into the current AppDomain.

4) Make use of assembly signing and loading permissions, which don't
seem to keep people from reworking the code to CIL.

So.... what should I actually do?  The above options seems absurd, but
I've been asked to take absurd measures.

~ Matthew