Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Protect .DLLs from other projects using it

Status
Not open for further replies.

edelwater

Programmer
Jun 29, 2000
203
EU
Hi, i've got a little question, maybe someone can help me here for finding the answer or pointing me to a reference for the answer :

I've got an extensive ASP.NET website consisting of multiple projects/assemblies and MSDE support.

I can not guarantee that files of the website are only open to a select amount of persons.

So :

a) i encrypted the web.config settings
b) made a class containing the key and the crypto decrypto classes
c) garbled my code

So...it is (i agree not the fulliest) protected BUT... when someone would link in the DLL, he can just use my decrypt and encrypt settings.

Can i prevent someone from using my DLL's ?










Edward@de-leau.com
 
You can tweak web.config to restrict access to a resource/ limit access to certain users/roles. You can also crank down permissions on the resource, then only grant permission (through impersonation) under certain circumstances.
 
well..not exactly... let me specify this further (thanks for reacting) :

I've got a large asp.net application.

For demo purposes the customer wanted a version he could use on cd and then install it at some sites around the world.

Since i didnt want to create a windows forms application (i wanted to create one code-base for maintenance and work involved), i created a setup which installs (optionally) .Net 1.1, MSDE2000, a mini webserver and the web application.

But since it is now uncontrollably installed from cd i know the MSDE2000 database is protected ( i copied the SQL Server mdf and ldf along with it) but the dll's are not. I use an obfuscuator to obfuscuate them but the dll's can in theorie still be linked from another project which then can call the decrypt routine to decrypt the web.config....











Edward@de-leau.com
 
Sorry - once you've obfuscated your code, that's about as far as you can go. After that you have to rely on your software license.

One thing you might want to look into is using one of the software protection keys (HASP, Marx, etc) that need a physical device plugged into the parallel port or USB port.

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first
 
I cant believe that true ??? wow.

So ... everyone can always link a dll in their project as soon as they have somehow acquired it ?

Edward@de-leau.com
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top