none
Layer's Security RRS feed

  • Question

  • Hi Dear Coders,
    I have project which has 4 layers. DataAccessLayer, BussinessObject, WebServices and The Application. WebServices use DataAccess. BussinessObject uses WebServices. And The Application Use Only BussinessObject which user can access application dlls. So there is a problem. When a user can reach the BussinessObject dll from or in my application bin folder he or she can access to webservices and web services can use DataaccesssLayer.  

    Is there any way to obstruct user couldn't use directly the dll? Only the application can use BussinessObject? And the other question is that. When i look up BussinessObject i can see WebServices Method. I don't want to see Web Servicess method except one class(general - because general class has some useable enums).
    sometimes i feel my self like a "." that i am at end of an meaned sentences or begining of it.
    Saturday, June 28, 2008 7:14 AM

All replies

  • Do you let your users make their own programs?  Giving them an easy-to-use GUI is the traditional approach.  Hiding the plumbing is never a problem.  Otherwise, there isn't much point in hiding or denying access to back-end layers, they'll just use the assemblies directly or use Reflection.
    Hans Passant.
    Saturday, June 28, 2008 7:15 PM
    Moderator
  • Hi,
    Exactly i don't want to they use my dll. Only my application could use. Can you give more information please? Thank you so much.
    sometimes i feel my self like a "." that i am at end of an meaned sentences or begining of it.
    Saturday, June 28, 2008 9:01 PM
  • I can't make that call.  There are many ways to make it just as hard for you to use your own DLLs as it would be to a "interested" customer.  Just use an obfuscator.  There are few, very few, that makes it easy for you but difficult for the geek.  I doubt you want to make it difficult for you to use your own software.  What exactly are you looking for?  What's the threat profile?  Where is the back-end?  Do you control it?  Why are you worried about it in the first place?  Are you trying to lock-in your customer so they'll always need you to do anything at all?

    Hans Passant.
    Saturday, June 28, 2008 11:18 PM
    Moderator
  • We made the dll to use web service. We don't want to people use the web service directly. So we made a dll to use web service. But when we use the dll in the application we can see web service in it. Because the webservice was in the reference of the dll. it's true and acceptable. But i don't want to see any web servis method in the dll when i use in the application. I want to hide web servis method. It shouldn't place in dll.

    Let me know if i didn't clear about what i want. Thanks.


    sometimes i feel my self like a "." that i am at end of an meaned sentences or begining of it.
    Sunday, June 29, 2008 8:25 AM