tags:

views:

80

answers:

2
+1  Q: 

Dotfuscator with a Web App

I have a situation where the client would like to have some minimal security for their source code. It is a web app and the host will be someone they will be partnering with. The worry is that it would be easy for the host to reverse engineer the code and setup shop on the side. I told them while it was not a real solution, obfuscating the code would make it more difficult.

My first problem: I can’t obfuscate strongly named assemblies. I believe I can skip obfuscating those assemblies while maintaining a link to non-obfuscated assemblies, but I’m not able to easily test that because of my second problem.

My second problem: I can’t obfuscate a web (code-behind) assembly because the link from the markup to their classes is broken as well as the methods that the markup page calls.

A: 

You can obfuscate strongly named assemblies just fine, as long as you have the keys you can resign them after obfuscation. With the free Community Edition of Dotfuscator you will need to manually resign the outputs, with the Professional edition it can automatically resign them with a strong name and/or Authenticode signatures as part of the obfuscation process.

You can also obfuscate code behind assemblies but you will need to ensure that you exclude any types referenced in the markup from renaming. Again, this is possible to do in both the Community Edition and the Professional edition by setting renaming exclusion rules (either literal matching or Regular Expression based) or by selecting individual types and members to be excluded from renaming. All of that is accessed in the Renaming section of the Dotfuscator user interface.

If you have an active support subscription and encounter any specific issues when obfuscating you can contact support directly from the PreEmptive web page or PreEmptive also hosts public forums where you can post specific questions.

Joe Kuemerle  2010-03-11 16:27:05
A: 

You can use binding of events to control in code instead of in aspx file. Like in c# btnSave.Click += Save_Click and have `private void Save_Click(...).

you can also divide public/protected method code into small private methods which you can call from actual public/protected method and choose to obfuscate only private methods which will not break link from markup(i think it is library mode of obfuscation in Dotfuscator.)

This will allow you to achieve higher rate of obfuscation.

Morbia  2010-03-18 09:03:54

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?