Agreed. I was making the point that this security protects the system, not the software author.
damon -----Original Message----- From: Moderated discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] Behalf Of Frans Bouma Sent: Monday, April 19, 2004 11:42 AM To: [EMAIL PROTECTED] Subject: Re: [ADVANCED-DOTNET] Application registration > I think there is a subtlety being missed here. I could create > an assembly, strong name it, and send it to you. You could > use ILDasm/ILAsm like Frans pointed out to remove my strong > name and any licensing checks I added. You could then apply > your strong name, and get all the functionality while > skipping the licensing. The one thing you couldn't do is > reapply my strong name to the modified assembly. So security > holds in the sense that you can't modify an assembly and > trick a system into thinking it was the original. ... if you don't modify the system also, then yes you can't do that. However why would a cracker stop there? A cracker's goal is to run a given app without a license. Now, as the app is available on the cracker's machine, as the original poster seeks protection for an application that is to be distributed (i.e. it's not a website/webapp :)), the cracker can do whatever he needs to do to get the app working. If the application is very valuable, a cracker is willing to go further than in other occasions. A good example is 3DStudio Max. It once was released with a dongle (don't know if it is still released that way). One crackgroup went so far to write a complete windows service which mimiced the dongle. So, signing an assembly will protect a host .exe from running an assembly which is signed using another key than expected, however that's not protecting IP, as you can remove the public key token from the reference inside the host .exe and use an altered assembly. FB =================================== This list is hosted by DevelopMentorŪ http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorŪ http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com
