2

I am using Eazfuscator.NET to obfuscate my .NET website and to really get good obfuscating want to use the code virtulization option, however when I then try to login to the website that is obfuscated the server cpu spikes to 100% and the page times out, if I turn this obfuscation feature off then the pages work fine but the dll is then more readable.

The option I am using in the AssemblyInfo.cs is as follows:

[assembly: Obfuscation(Feature = "Apply to type *: apply to member * when method or constructor: virtualization", Exclude = false)]

Does anyone know why this may occur and how I can avoid the cpu spike but still have decent obfuscated code?

Apqu
  • 4,880
  • 8
  • 42
  • 68
  • 2
    Nobody but you should have access to any code that it running on the backend of a website. Are you sure you need obfuscation for your code? – nvoigt Mar 06 '15 at 09:41
  • @nvoigt We have a customer that wants to run everything from their servers (including the website) therefore we are trying to protect it as much as possible. – Apqu Mar 06 '15 at 09:42
  • Okay, that makes a lot more sense then :) – nvoigt Mar 06 '15 at 09:43
  • @nvoigt Yes :-) Don't suppose you have any idea why the cpu would spike? ;-) – Apqu Mar 06 '15 at 09:44
  • 5
    Contracts protect you better than obfuscation. – Sam Axe Mar 06 '15 at 09:48
  • @Dan-o True, any idea where I could find a sample of a decent contract? – Apqu Mar 06 '15 at 09:55
  • Your lawyer should have one. Check his office computer. Or ask him. (unless him is her in which case... you know... replace the pronouns) – Sam Axe Mar 06 '15 at 09:56
  • Is this a shrink wrapped package or work for hire? If you are doing work for hire the code probably doesn't belong to you. – Matthew Whited Apr 26 '16 at 17:09

2 Answers2

2

Please consider the following approaches:

  1. Virtualization of everything is an obvious overkill. Please consider to selectively virtualize important methods only

  2. Usually nobody has access to website code except its authors. Thus obfuscation may not be a requirement for ASP.NET websites

ogggre
  • 2,204
  • 1
  • 23
  • 19
0

the problem with obfuscation is if you have reflection code or code that depend on strict value, you could get into infinite loop, this could be the issue here,

example, if you have, let say, INotifyPropertyChanged the obfuscation will change the property name while the OnPropertyChanged("Name") wont

you have to cherry pick what will be obfuscated to make sure it won't break your code

Fredou
  • 19,848
  • 10
  • 58
  • 113