none
Secret Code: C#

    Question

  • Hello,
     
    Becuse of security reasons i have to implement a code in my project which is invisible to other programmers (any other windows user or anybody who has an editor, programming environment etc.). How can i achieve this. A password implementation or encryption of a specific parts of code is also from my side acceptable. Any leads would be helpful.

    Thanks,

    Evren
    automation eng. in programming
    Monday, July 14, 2008 4:26 PM

Answers

  • What you want to do is called code obfuscation, but this usually applies to the compiled assembly so that it can't be examined very easily using programs like Reflector.  What code obfuscation does is rename symbols to things that are not easy for a human to read.  See http://www.rustemsoft.com/Skater.asp for an application that will obfuscate .Net assemblies.

    Now, if you want to keep people out of your original source files, then the best thing to do is to make them unavailable.  Store them on drives that other people do not have access to, or in a source control database, such as Visual Source Safe, that can be made to require a developer login.

    Finally, if you are truly paranoid, there are many applications that will encrypt files.  You can encrypt your source files, then decrypt them when you need to open them.  This isn't a very convenient way to do things.

    In short, here are your options:

    1) Write very obfuscated, difficult to read (and maintain) code that nobody will understand.
    2) Store your code on a secure server that only trusted individuals can access. Use a source control program like VSS, CVS, Subversion, or Team Foundation Server, to provide access to the source files.
    3) Use a code obfuscator, such as Skater, to obfuscate your assemblies once they have been built.
    4) Encrypt all of your files so that other people can't read them if they have to be put in public places.
    • Proposed as answer by NET Junkie Sunday, July 20, 2008 11:05 PM
    • Marked as answer by Zhi-Xin Ye Monday, July 21, 2008 6:16 AM
    Monday, July 14, 2008 5:33 PM

All replies

  • What you want to do is called code obfuscation, but this usually applies to the compiled assembly so that it can't be examined very easily using programs like Reflector.  What code obfuscation does is rename symbols to things that are not easy for a human to read.  See http://www.rustemsoft.com/Skater.asp for an application that will obfuscate .Net assemblies.

    Now, if you want to keep people out of your original source files, then the best thing to do is to make them unavailable.  Store them on drives that other people do not have access to, or in a source control database, such as Visual Source Safe, that can be made to require a developer login.

    Finally, if you are truly paranoid, there are many applications that will encrypt files.  You can encrypt your source files, then decrypt them when you need to open them.  This isn't a very convenient way to do things.

    In short, here are your options:

    1) Write very obfuscated, difficult to read (and maintain) code that nobody will understand.
    2) Store your code on a secure server that only trusted individuals can access. Use a source control program like VSS, CVS, Subversion, or Team Foundation Server, to provide access to the source files.
    3) Use a code obfuscator, such as Skater, to obfuscate your assemblies once they have been built.
    4) Encrypt all of your files so that other people can't read them if they have to be put in public places.
    • Proposed as answer by NET Junkie Sunday, July 20, 2008 11:05 PM
    • Marked as answer by Zhi-Xin Ye Monday, July 21, 2008 6:16 AM
    Monday, July 14, 2008 5:33 PM
  • Compiled code (especially managed code) can easily be decompiled. Even obfuscated code can eventually be read. Dependent on your security needs, you could consider moving the sensitive business logic to a secured server and allow users to access -only- the functionality (but not the code or assemblies) through a remote service (like a web service). This way others can't access the code.


    Visit my blog: http://www.cuttingedge.it/blogs/steven/
    • Edited by NET Junkie Sunday, April 05, 2009 3:42 PM
    • Proposed as answer by NET Junkie Sunday, April 05, 2009 3:43 PM
    Wednesday, July 16, 2008 5:25 PM
  • Other should be able to access the code but in development environment should not see some part of the code. That is what we need.
    automation eng. in programming
    Friday, July 25, 2008 7:41 AM
  • The best solution is to use .NET Obfuscator. It protects source code from being decompiled and stops reverse engineering of application. More advance security techniques also can use to protect our source code like anti debugging, string encryption, control flow changing, etc.
    Thursday, April 26, 2012 6:59 AM