Thanks all for your ideas. i am still confused but saving Key on remote
server will help so i will try that and get back to you guys.
You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
See MS Press Book "Writing Secure Code" ISBN: 0735615888 under "Storing
Secrets" for a discussion of this problem.
You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
connects to the map-point
service using the key? That way the key never needs to be distributed to
clients.
Kirk
-Original Message-
From: Dan Souk [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 14 May 2002 4:52 a.m.
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
You could have all MapPoint calls proxied by your own server, which
could safely hold the MapPoint stuff. You've got to handle
authentication between the client and your own server, but at least
you're not handing your MapPoint autentication details out to everybody.
So are we saying that MapPoin
All that needs to be hijacked is the return value
(but at least the original key is still unknown).
-Pete
-Original Message-
From: dotnet discussion [mailto:[EMAIL PROTECTED]]On Behalf Of
Brad Wilson
Sent: Monday, May 13, 2002 12:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of
thing?
-Original Message-
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of
Peter Vertes
Sent: Monday, May 13, 2002 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
The original key doesn't get transmitted via the network nor does it get
Peter Vertes wrote:
> The original key doesn't get transmitted via the network nor does it get
> hard coded.
Two comments.
First, "strSecretKey" is your key. How do you not call that hard-coded?
Second, did you read the original post? Someone is trying to find a way to
hide the key they need t
ROTECTED]]On Behalf Of
Peter Vertes
Sent: Monday, May 13, 2002 7:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
The original key doesn't get transmitted via the network nor does it get
hard coded. Consider this: you have a remote machine that has a serv
discussion [mailto:[EMAIL PROTECTED]]On Behalf Of
Brad Wilson
Sent: Monday, May 13, 2002 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
Peter Vertes wrote:
> How about storing the key on a remote server ? When you need it you
connect
> to it get it. Or ex
--- Peter Vertes <[EMAIL PROTECTED]> wrote:
> How about storing the key on a remote server ? When you need it you connect
> to it get it. Or extending on this idea; you could store the key on a
You could simply look for the code that gets it from the remote server and see what
the return
value
Peter Vertes wrote:
> How about storing the key on a remote server ? When you need it you connect
> to it get it. Or extending on this idea; you could store the key on a
> remote server, when you need to authenticate you call the authentication
> code on the remote server side and have it spit
t: Re: [DOTNET] Hide part of code from Developers
I know that's the problem. I can put the key in registry and read it on
runtime but that's not safe either. Any other ideas?
You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMento
Brent E. Rector wrote:
> There is no absolutely secure way of doing this. It all boils down to
> how hard do you want to make them work to get the key.
+1. Anything that the code can do automatically, a person can walk the code
to discover it as well.
Brad
--
Read my web log at http://www.qual
Hide part of code from Developers
Wouldn't obfuscating data be under the heading of cryptography?
-Original Message-
From: Brad Wilson [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
Kev
Wouldn't obfuscating data be under the heading of cryptography?
-Original Message-
From: Brad Wilson [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
Kevin Hector wrote:
> actually, i j
>I've never seen an obfuscator that obfuscates data, only symbols and code.
makes sense, although Preemptive say string encryption is coming in a later
release of the 'Pro' edition.
_
Send and receive Hotmail on your mobile device:
actually, i just read the user guide and can't find any reference to
obfuscating internal data, but at least they have a 'community edition'
which is a free, command-line only code obfuscator
>have a look at the current frontpage of www.gotdotnet.com. they have a link
>to "dotfuscator" from Pree
Kevin Hector wrote:
> actually, i just read the user guide and can't find any reference to
> obfuscating internal data, but at least they have a 'community edition'
> which is a free, command-line only code obfuscator
I've never seen an obfuscator that obfuscates data, only symbols and code.
Br
have a look at the current frontpage of www.gotdotnet.com. they have a link
to "dotfuscator" from Preemptive Solutions Inc., which may fit the bill
kevin
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmai
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of
Farhan Sh
Sent: Monday, May 13, 2002 2:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [DOTNET] Hide part of code from Developers
I know that's the problem. I can put the key in registry and read it on
runtime but that's not s
> is there a way to protect .NET code from developers to see? I am developing
> MapPoint .NET app and it has hard coded Key info in it and i don't want
> developers to see that. What are some ways to get around this?
This has been extensively discussed in the past. Search the archives for
"obfu
TECTED]]
> Sent: Monday, May 13, 2002 8:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [DOTNET] Hide part of code from Developers
>
>
> I know that's the problem. I can put the key in registry and
> read it on runtime but that's not safe either. Any other ideas?
>
I know that's the problem. I can put the key in registry and read it on
runtime but that's not safe either. Any other ideas?
You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
Message-
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of
Farhan
Sent: Monday, May 13, 2002 2:51 PM
To: [EMAIL PROTECTED]
Subject: [DOTNET] Hide part of code from Developers
Hi,
is there a way to protect .NET code from developers to see? I am
developing MapPoint .NET app and it
Hi,
is there a way to protect .NET code from developers to see? I am developing
MapPoint .NET app and it has hard coded Key info in it and i don't want
developers to see that. What are some ways to get around this?
Thanks,
Farhan
You can read messages from the DOTNET archive, unsubscribe from D
25 matches
Mail list logo
