Hi SO community
I have been issued a problem with security. A bank will not allow use of DLL's in the project. What sort of structure would be needed to allow DataAccess and or the use of external services (like an email client mailchimp, icontct).
has anyone else encountered this sort of problem before? If they have how should the project be structured (.net 3.5+).
Thanks, KJ
I believe you can do this with ILMerge. Basically, you merge all the required DLLs into the main EXE.
Do you mean that no external DLLs can be used? .NET is basically a series of DLLs (the BCL) + the runtime. However, I can imagine that this bank wants to be able to inspect your application code without having to inspect any external assemblies by using .NET Reflector. In that scenario even using ILMerge won't do the trick, because this doesn't make the security problem go away. It will just hide those external assemblies inside your application assemblies and make everything even harder to inspect.
I think you only option is to use as little external frameworks as possible and if you use them, let the bank inspect them with .NET Reflector and show exactly which configuration you use.
To be honest, I think it is pretty hard to be very productive without the use of external libraries. Take for instance a logging framework. Even the simplest application benefits from having a logging framework.
You might want to clarify their requirement. I suspect that when the bank says "no dlls" they really mean "no custom dlls in system32". If this is really what they mean, you should be fine using dlls in your app folder (or if it's a web app - in its bin folder).
If that turns out not to be the case, and they really prohibit usage of any DLLs not already preinstalled on their systems, you should still be able use .Net framework just the same. The CLR/BCL assemblies are loaded from the GAC and are preinstalled on any machine that has .Net.
Of course, if they don't have .Net installed on their machines... :-)