1

When delivering a DLL (C# project) file to a customer, there are parts of the library which are not part of the interface the customer should be allowed to use. What security mechanims do exist to restrict the access to the public interface?

Of course, one could set the other methods to private, protected, internal, but in the end, with help of some tools, we can always get access to these methods. So is there a real security technique to prevent this?

steveax
  • 17,527
  • 6
  • 44
  • 59
John Threepwood
  • 15,593
  • 27
  • 93
  • 149
  • Not really. .Net Reflector would still allow access if they wanted it bad enough. Even with obfuscation, that would only slow someone down. – Grant H. Sep 12 '13 at 17:30
  • 1
    Put the sensitive code in a Web Service inside a server you own and control, and have your application call that Web Service. That way your "secret" code will not be distributed together with your application. – Federico Berasategui Sep 12 '13 at 17:36

1 Answers1

5

Since this is tagged "C#" I'm going to have to say "No, there's no real security mechanism to prevent users from accessing the functions." .NET binaries can always be de-compiled, even when obfuscated.

The same goes for all .NET client applications (winforms, windows service, console, etc.) as covered in a similar question I asked a while back.

Quote from the selected answer:

In other words, you must consider the desktop application completely compromised, and if this is a risk, you must extract everything that must be secure (authentication, authorization, validation) to an external (web) service.

Community
  • 1
  • 1
David
  • 72,686
  • 18
  • 132
  • 173