.net Assembly security question
Question
I am creating an app with several DLLs and thought I could just call Assembly.GetPublicKey() at run time and see if the DLLs were signed by me. However, I now see there's a SetPublicKey method on the Assembly. Doesn't it make it easy for anyone to spoof my DLLs? Or am I checking the signature of the DLLs the wrong way?
Update: I have a plugin architecture and I am just trying to prevent someone hijacking my app by writing their own DLL.
2 answers
solution1
1 2010-08-19 15:58:40
Is your entire application in .NET? When you compile, any assembly that references another should require the assembly be properly signed, and .NET should be able to handle this, and it should be transparent to you. You should not have to check assemblies yourself.
solution2
0 2010-08-19 15:45:21
Not probably the suggested route but what I do for my DLL's is create a class and pass a private key to it to activate it.
var secureClass = new MyDLL.SecureClass("Password")
then on any method inside SecureClass i call the following before I put any code:
if IsActivated() = false then Alert_Not_Active() Return False End If
Maybe there is better options but this works perfect for me. Make sure to use an application like {Smart Assembly} to protect your code from Reflection if it's extremely important coding
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.