[英]How can i protect my .net application from decompilers?
Okay so i have this C# application that connects to a database has the login and all that stuff but what if some guy just downloaded a decompiler saw my code got the connection string from my DB and did whatever he felt like?好的,所以我有这个连接到数据库的 C# 应用程序有登录名和所有这些东西,但是如果有人刚刚下载了一个反编译器,看到我的代码从我的数据库中获取了连接字符串,然后做任何他想做的事情怎么办? How can i protect myself from that?
我该如何保护自己免受这种伤害? And even if i could protect my connection string how could i protect my acctual code?
即使我可以保护我的连接字符串,我怎么能保护我的实际代码?
You should never store critical information in your assemblies, exactly for this reason.正是出于这个原因,您永远不应该在程序集中存储关键信息。 There are numerous ways to obfuscate the information but they only delay the inevitable.
有很多方法可以混淆信息,但它们只会延迟不可避免的事情。
Remember: Security by obscurity is not safe记住:默默无闻的安全并不安全
but what if some guy just downloaded a decompiler saw my code got the connection string from my DB and did whatever he felt like?
但是如果有人刚刚下载了一个反编译器,看到我的代码从我的数据库中获取了连接字符串,然后做任何他想做的事情怎么办? How can i protect myself from that?
我该如何保护自己免受这种伤害?
That's a shame, isn't it ?这是一种耻辱,不是吗? There are only a few things you can do for that :
您只能为此做几件事:
Hope it helps :) Cheers希望它有帮助:) 干杯
Connection strings can be encrypted in the config file连接字符串可以在配置文件中加密
Connection Strings and Configuration Files 连接字符串和配置文件
However, you cannot truly protect your code from people wishing to view what it does, you can only make it harder by obfuscation.但是,您无法真正保护您的代码免受希望查看其功能的人的影响,您只能通过混淆来使其更难。
I would add that a proper security model could restrict access to both the physical files, and the database 'data', but that does depend on your deployment model.我想补充一点,适当的安全模型可以限制对物理文件和数据库“数据”的访问,但这取决于您的部署模型。
您应该将连接字符串存储在 app.config 或 web.config 文件中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.