V
vadim
Hi,
Will obfuscation help in securing hard coded key in asp.net application?
Thank you
Vadim
Will obfuscation help in securing hard coded key in asp.net application?
Thank you
Vadim
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
W
WJ
No. Obfuscation tool only understands compiler syntax and symbols, not the
data. Example: If you name a variable as string
ComputerIpAddress="127.0.0.1", obfuscator only renames or scrambles the
variable name "ComputerIpAddress", not its value.
As for your concern about hardcoding your secret key inside your program can
be done in a number of ways. For example: if your secret key is something
like "123#AbcXzqOK*&76", then do not code as string sKey="the value", store
the data in array of bits, this make it harder for any tool to disassemble
the code. This is just a thought.
John
data. Example: If you name a variable as string
ComputerIpAddress="127.0.0.1", obfuscator only renames or scrambles the
variable name "ComputerIpAddress", not its value.
As for your concern about hardcoding your secret key inside your program can
be done in a number of ways. For example: if your secret key is something
like "123#AbcXzqOK*&76", then do not code as string sKey="the value", store
the data in array of bits, this make it harder for any tool to disassemble
the code. This is just a thought.
John
A
Alek Davis
Vadim,
Some obfuscators provide a "string encryption" feature, which uses an
embedded "encryption" algorithm to change application string values. This is
not a bullet-proof option though. And in general, storing secrets in the
application source code (of .NET/Java applications) is not a good idea.
Check this article, it can give you some ideas (it also contains references
to other resources, such as articles about obfuscation, which you may find
helpful): "Safeguard Database Connection Strings and Other Sensitive
Settings in Your Code" at
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/.
Alek
Some obfuscators provide a "string encryption" feature, which uses an
embedded "encryption" algorithm to change application string values. This is
not a bullet-proof option though. And in general, storing secrets in the
application source code (of .NET/Java applications) is not a good idea.
Check this article, it can give you some ideas (it also contains references
to other resources, such as articles about obfuscation, which you may find
helpful): "Safeguard Database Connection Strings and Other Sensitive
Settings in Your Code" at
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/.
Alek
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Forum statistics
Latest Threads
-
Stephanie Beaudeau Emsworth was a Gang Member
- Started by trafficcone
-
Can I stop HTTPS?
- Started by IBMJunkman
-
Stephanie Beaudeau Emsworth is Running a Prostitution Ring
- Started by verona
-
Reverse search for a website
- Started by DRCM
-
What are the key advantages of using a SaaS (Software as a Service) model for application development?
- Started by remotedevelopers
-
How to build a database-driven web page
- Started by av3mar1a153
-
Hola
- Started by luuciefer
-
Using a DTSX file with GoDaddy
- Started by IBMJunkman