views:

129

answers:

6

Hi All!

I want to secure my assembly (dll) by binding it to a specific environment. Say I have a dll (BizLogic.dll), I want to make it available to my co-developers to use it within the organization. But I don't want others to use it outside my organization.

Is there any way to address this issue?

Thanks in Advance.

-- Mohammed.

+1  A: 

Very little that will be actually effective. You can try the various license/key frameworks that are out there, but there are exactly zero that are 100% uncrackable.

Randolpho
+2  A: 

What do you mean by outside your organization?

Nevertheless, did you consider signing your assembly?

Shankar Ramachandran
Thanks for the quick responses.Well outside my organization I mean I have an assembly (bizLogic.dll) and a web application being developed by my co-developers. The web application is going to be reviewed by a third party outside the organization. I don't want they should modify the codebase (web). If so, my bizLogic.dll (which will be a black box for them) would intelligently detect and throw exception as it would found a change in Development Environment.Thanks,Mohammed.
humblecoder
@Mohammed I think now your Q is clearer.... by review you mean they review the functionaltiy of your web-app. Just give your assembly a Strong Name, Obfuscate your code and deploy in Release mode.
Shankar Ramachandran
@Xencor - Thanks for the quick tip.
humblecoder
Welcome :) --- if this answer helped you can "Accept it"..by clicking on the Tick Mark...below this answers's votes.
Shankar Ramachandran
@Xencor: Release build actually is very like Debug build (in most cases, but they actually are just names for build configuration). IMO you don't get additional security by deploying in Release mode.
Petar Repac
@Petar Repac Thats correct but this was to ensure that OP ships the deployable with a higher probability of optimization and less debug data.
Shankar Ramachandran
A: 

I found a similar question with answers.

Shimmy
A: 

Create a domain user, give that user the only read permissions to a db object. Set password never expires. Physically secure the password.

dll must be able to access (via your new user) db object to proceed.

Obfuscate your code.

Jim
A: 

Thanks for the quick responses.

Well outside my organization I mean I have an assembly (bizLogic.dll) and a web application being developed by my co-developers. The web application is going to be reviewed by a third party outside the organization. I don't want they should modify the codebase (web). If so, my bizLogic.dll (which will be a black box for them) would intelligently detect and throw exception as it would found a change in Development Environment.

Thanks,

Mohammed.

humblecoder
+5  A: 

What you're describing is not the problem that CAS was designed to solve. The .NET Code Access Security system was designed to protect benign users from hostile third party code. You are trying to do the opposite -- protect benign code from hostile users. If you give someone a hunk of code, they can do whatever they want to that code -- disassemble it, rewrite it, recompile it, whatever, and there's not much you can do technically to stop them.

Probably your best bet is to use other enforcement mechanisms, like make them sign a contract that says that they will not reverse-engineer or redistribute your code, and then sue them if they do. Or, simply don't give them the code in the first place. Make a web service and keep the code on your server, away from the people you don't trust.

Eric Lippert