我可以保护我的ASP.NET应用程序不受反编译器的影
[英]Can I protect my ASP.NET application against decompilers?
问题描述
- I know also that ASP.NET when published can be precompiled
我也知道ASP.NET发布时可以预编译 - I know that .NET applications are compiled to MSIL that are easily reverted to any .NET language through tools like Red Gate's .NET Reflector. 我知道.NET应用程序被编译为MSIL,可以通过Red Gate的.NET Reflector等工具轻松恢复到任何.NET语言。
- I want to develop and deliver an ASP.NET site where the buyer will host the site and but cannot have access to the code. 我想开发并提供一个ASP.NET站点,买方将在该站点上托管该站点,但无法访问该代码。
There is any way to do that? 有什么方法可以做到吗?
14 个解决方案
解决方案1
8 2009-01-05 15:06:53
根据我的经验,混淆代码的人不会生成值得麻烦的代码。
解决方案2
5 2009-02-19 17:55:00
Tell them not to. 告诉他们不要。 You'll never stop a determined reverse engineer, but if it's in the contract, you'll have recourse against someone profiting from it. 你永远不会阻止一个坚定的逆向工程师,但如果它在合同中,你就可以追索从中获利的人。
Obfuscation makes debugging much harder, not only for you, but also for your customers if they're plugging into your code. 混淆使得调试变得更加困难,不仅对您而言,如果他们插入您的代码,也会为您的客户进行调试。
Another reason to avoid it is the temptation to slip towards including "secret" ports, encryption keys or handshakes. 避免它的另一个原因是倾向于包括“秘密”端口,加密密钥或握手。 You will need to find a very different model if you have any of these in your code. 如果您的代码中包含任何这些模型,则需要找到一个非常不同的模型。
解决方案3
3 2009-01-05 14:26:06
It might put you at ease to know that you don't actually publish your .cs/ .vb files with the website when you publish as a dll. 当您发布为dll时,它可能会让您放心地知道您实际上没有在网站上发布.cs / .vb文件。 I think this is the easiest road block to put in place. 我认为这是最容易实施的障碍。
I realize that you can still get code out of the DLLs but the source files themselves don't need to be there. 我意识到你仍然可以从DLL中获取代码,但源文件本身不需要存在。
Convert your web project into a Web Application and build it. 将您的Web项目转换为Web应用程序并构建它。 The output will be a dll. 输出将是一个DLL。 Push this along with all the media files (aspx, gif, png, etc.) out and your source should be hidden from less-than-diligent people. 将其与所有媒体文件(aspx,gif,png等)一起推出,你的来源应该隐藏在不那么勤奋的人身上。
解决方案4
3 已采纳 2009-02-19 17:53:19
It's called "obfuscation". 它被称为“混淆”。 There are commercial products which do that. 有商业产品可以做到这一点。 It will not exactly prevent decompiling, but it will mess up the insides of your program so much, that it will be difficult to make heads or tails of it. 它不会完全阻止反编译,但它会使你的程序内部如此混乱,以至于它很难做出正面或反面。
Note that it may also break your code under special circumstances, so you will have to play with its options until you get it to work. 请注意,它也可能会在特殊情况下破坏您的代码,因此您必须使用其选项,直到您开始工作。
Dotfuscator is a popular one, and a stripped-down free community version comes with Visual Studio (not sure which editions though). Dotfuscator是一个很受欢迎的版本,而Visual Studio则附带一个精简的免费社区版本(不知道哪个版本)。
解决方案5
2 2009-09-11 21:24:42
Just an idea but it may not be your case: 只是一个想法,但它可能不是你的情况:
Use web services in some point of your app if it is possible. 如果可能,请在应用的某个位置使用Web服务。 Distributed code makes that only the client logic is available to decompilation. 分布式代码使得只有客户端逻辑可用于反编译。
解决方案6
2 2010-11-14 09:28:29
Take a look into the Manco .NET Licensing System . 查看Manco .NET许可系统 。 It provide functionality for license protection, code obfuscation and code encryption. 它提供许可证保护,代码混淆和代码加密的功能。 The ASP.NET application can be protected using few different ways: using license keys or name of the domain from the HTTP request (http://mancosoftware.blogspot.com/2010/10/protect-aspnet-application-using-name.html), for example. 可以使用几种不同的方法保护ASP.NET应用程序:使用许可证密钥或HTTP请求中的域名(http://mancosoftware.blogspot.com/2010/10/protect-aspnet-application-using-name)。例如,html)。
解决方案7
1 2009-01-05 14:33:34
There is a way to precompile all aspx/ascx files in an ASP.NET web site or project using a Visual Studio project template: 有一种方法可以使用Visual Studio项目模板在ASP.NET网站或项目中预编译所有aspx / ascx文件:
Read here on ScottGu's blog: VS 2008 Web Deployment Project Support Released 请阅读ScottGu的博客: VS 2008 Web部署项目支持发布
Compiling the deployment project a single assembly is created for all your aspx/ascx files. 编译部署项目时,将为所有aspx / ascx文件创建单个程序集。
If you want to really hide (make unreadable) your source code, you should use a professional obfuscator software . 如果您想真正隐藏 (使其不可读)您的源代码,您应该使用专业的混淆器软件 。
解决方案8
1 2009-02-19 17:50:54
You can look into obfuscation. 你可以看一下混淆。 Dotfuscator is a good place to start. Dotfuscator是一个很好的起点。
解决方案9
0 2009-01-05 14:27:44
You are going down the right track. 你走的是正确的轨道。 THe DLL is a big help, but it can be de-compilied to at least get some. DLL是一个很大的帮助,但它可以被解构,至少得到一些。
Using an Obfuscator like Dotfuscator is a good extra step. 使用像Dotfuscator这样的混淆器是一个很好的额外步骤。 This FAQ is a good starting point to understanding Obfuscators 这个FAQ是了解Obfuscators的一个很好的起点
The key is to identify what you are looking at doing. 关键是要确定你正在做什么。 If you are deploying the code, it is going to be farily hard to stop someone from calling methods inside the code. 如果要部署代码,那么阻止某人调用代码中的方法将非常困难。 If you are just looking to prevent them from getting the actual source, that is easier and obfuscation should work. 如果你只是想阻止他们获得实际的来源,那就更容易了,混淆应该有效。
解决方案10
0 2009-01-05 14:28:43
I would always choose to pre compile the website into a DLL and not include the code online. 我总是选择将网站预先编译成DLL,而不是在线包含代码。 This means that anonymous users will not have access to your code. 这意味着匿名用户将无权访问您的代码。
However if you are concerned about people with admin access to the server it would be possible for them to disassemble your binaries into something almost readable. 但是,如果您担心具有管理员访问权限的人员,他们可能会将您的二进制文件反汇编成几乎可读的内容。
解决方案11
0 2009-01-05 14:56:40
Maybe I'm wrong, but I'm not convinced that IIS will serve any files from the bin folder (it doesn't for me anyway, and I assume this is by design in the same way that you cannot donwload web.config - it also won't even list the directory contents). 也许我错了,但我不相信IIS会提供bin文件夹中的任何文件(无论如何它都不适合我,我认为这是设计方式与你无法下载web.config一样 - 它甚至不会列出目录内容)。 If this is correct, then I'm not convinced there's a way for a hacker to obtain the dll in the first place, unless they can get filesystem access to the server. 如果这是正确的,那么我不相信黑客首先获得dll的方式,除非他们可以获得文件系统访问服务器。
If you follow the advice given above about compiling into a single dll, I don't think you need an obfuscator (unless you're concerned about people WITH filesystem access, in which case I think you have other problems!) 如果你按照上面给出的关于编译成单个dll的建议,我认为你不需要一个混淆器(除非你担心有文件系统访问的人,在这种情况下我认为你还有其他问题!)
解决方案12
0 2009-01-05 15:08:21
Which version of VS are you using? 您使用的是哪个版本的VS? In VS2005 SP1 there is a new project type called Web Deployment. 在VS2005 SP1中,有一个名为Web Deployment的新项目类型。 Right click on the website name in the solution explorer, and you should see an option "Add Web Deployment Project" - this adds a new project to your solution that will create a single DLL and alter the aspx pages to reference it. 右键单击解决方案资源管理器中的网站名称,您应该看到一个选项“添加Web部署项目” - 这会向您的解决方案添加一个新项目,该项目将创建一个DLL并更改aspx页面以引用它。
When you build the solitution, it creates in the web deployment project folder a version of the site with the single dll. 构建solitution时,它会在Web部署项目文件夹中创建具有单个dll的站点版本。 Copy this to the server, set up your db and any file system permissions (eg for uploads etc.) and you're away. 将其复制到服务器,设置您的数据库和任何文件系统权限(例如上传等),然后您就离开了。
解决方案13
0 2009-01-05 15:09:07
When you publish your project as binary, the compiler will create DLL(s) in the bin folder and all pages you have are also created, but not with code in, just one line that says its a marker file. 当您将项目发布为二进制文件时,编译器将在bin文件夹中创建DLL,并且还会创建您拥有的所有页面,但不会创建代码,只有一行表示其标记文件。 So when the user browse your site they will browse the pages as usual. 因此,当用户浏览您的网站时,他们将照常浏览网页。 Your pages will then on the serverside point to the right code in the dll 然后,您的页面将在服务器端指向DLL中的正确代码
解决方案14
0 2009-01-05 16:19:58
在发布为DLL之后,不要忘记将它(以及其他服务器端文件,如Web.config )放在IIS不提供的路径中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.