Windows Installer(.msi)。 自定义动作。 我是否需要混淆/保护用C#编写的自定义操作代码? 有没有办法拆解它?
[英]Windows Installer (.msi). Custom Actions. Do I need to obfuscate/protect Custom Actions code written on C#? Is there a way to disassemble it?
问题描述
We are developing desktop application and we use Wix toolset to create .msi installer. 
我们正在开发桌面应用程序,并使用Wix工具集创建.msi安装程序。
We use ".Net Reactor" to obfuscate and protect C# code. 我们使用“ .Net Reactor”来混淆和保护C#代码。 But we also have several Custom Actions (in the .msi) that we would like to protect as well. 但是,我们也有几个自定义动作(在.msi中)也要保护。
So the question is if we need to worry about protecting these and if so what would be the best way to protect them? 所以问题是我们是否需要担心保护它们,如果是的话,保护它们的最佳方法是什么? do we need to obfuscate all dlls that Custom Actions project depends on? 是否需要混淆“定制操作”项目所依赖的所有dll?
1 个解决方案
解决方案1
0 2019-01-19 14:55:46
No Sensitivity, No Problem : I second what Klaus said: does this code contain anything sensitive? 没有敏感性,没有问题 :我支持Klaus所说的: 该代码是否包含敏感内容? Usually the sensitive aspects would revolve around licensing or keys of some sort that you want to protect. 通常,敏感方面将围绕您要保护的许可或某种密钥 。 Be sure to compile Release mode binaries (would be nuts not to - runtime requirements would also not be met on normal machines). 确保编译发布模式的二进制文件(不要胡说-在普通计算机上也无法满足运行时要求)。
Protecting Sensitive Information : I wrote a whole check list some time ago on the issue of avoiding the distribution of sensitive information with your deployment solution: How do I avoid distributing sensitive information in my MSI by accident? 保护敏感信息 :我前段时间写了一个完整的清单,内容涉及使用部署解决方案避免敏感信息的分发 : 如何避免在MSI中意外分发敏感信息? (one of those sprawling answers that go off the rails while you write - might still be worth a skim). (在您撰写本文时,那些庞大的答案之一可能仍然值得一读)。
Native Code : If you have major concerns for sensitivity, I would compile a C++ custom action instead of a managed code custom action to make things more " down to the metal ".
Open Source : Quite frankly I would consider open sourcing my whole setup code if no sensitivity is present. 开源 :坦率地说,如果不存在敏感性,我会考虑开放我的整个安装代码。 Is users have a problem the can debug themselves - though the benefit of that in many cases can be pie-in-the-sky. 用户是否有可以自行调试的问题-尽管在许多情况下,这样做的好处可能是无足轻重的。 You can close-source single custom actions that need sensitivity. 您可以关闭需要敏感性的单个自定义操作的源。 I would use open source as a sales argument - yes, you can see our setup source to tweak to your environment if need be. 我会使用开源作为销售参数-是的,您可以看到我们的设置源以根据需要调整您的环境。
A setup is like a resume: it is only there as a vehicle to deliver something else of value? 设置就像是一份简历:它只是作为提供其他有价值的东西的工具吗? It has no value in and of itself. 它本身没有任何价值。 You want a sale of your software first and foremost? 您想首先出售软件吗? And security of course. 当然还有安全性。 Allowing users to compile their own setup from your sources could also lead to problems - of course. 允许用户从您的源编译自己的设置也可能导致问题-当然。 Do you want to support a self-compiled setup? 您要支持自编译设置吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.