Want More Security?


If you feel that everything we discussed in this chapter is still not enough security for you, do a code reset of your product and rewrite it for the .NET Framework. In fact, when I'm asked to describe .NET in one word, my answer is security. .NET is secure for many reasons, including these:

  • Strong-named assemblies (DLLs or EXEs) provide certificates that guarantee their uniqueness and authenticity.

  • The garbage collector manages memory, so leaks are virtually impossible. This eliminates malicious virus or worm attacks.

  • You have the ability to confine code to run in administrator-defined security contexts, which is another safeguard against worms and viruses.

  • Code access security revolves around the identity of source code, not user identity. This eliminates impersonation attacks.

  • The .NET security system functions atop traditional operating system security, adding another layer of security that is already present.

Richter on .NET Security

Now, if you are familiar with .NET, you probably know that some people question its security because source code written for the .NET Framework can be disassembled easily. Jeffrey Richter, the .NET Framework book author and guru that I've already mentioned a couple of times, points out that most of your application probably isn't worth protecting. As he says, no one really cares how your Copy command works, and even if someone does, those details are probably not giving you a competitive advantage. For those few parts that do give you a competitive advantage, you have a few options:

  • Split those portions into an unmanaged DLL and use interop to call into it.

  • Use one of the many obfuscator tools to spindle, fold, and mutilate your code.

  • Wait for digital rights management, which Richter characterizes as "the real solution," to become real. Microsoft will be moving DRM into the .NET runtime at some point in the not-so-distant future.

I don't want this chapter to become a .NET advertisement or a .NET book. I just want to point out that this is another option that you might want to consider to provide security to your code.




The Build Master(c) Microsoft's Software Configuration Management Best Practices
The Build Master: Microsofts Software Configuration Management Best Practices
ISBN: 0321332059
EAN: 2147483647
Year: 2006
Pages: 186

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net