Friday, October 1, 2010

disassembler concern


A couple of weeks back, our .NET manager Srini raised the concern that disassemblers put our IP (intellectual property) at risk. Yes, it's true. There are three options to mitigate it:

First, in a typical modern n-tier architecture, the core logic resides in server-side code (such as a Web service, Web form, or stored procedure), so the assembly resides on your server. Because no one outside of your company can access the assembly, your IP is completely safe.

The second option is an obfuscator. For assemblies that you distribute, you can obtain an obfuscator utility from a third-party vendor. These utilities scramble the names of all of the private symbols in your assembly's metadata, which makes it difficult for someone to unscramble the names and understand the purpose of each method.

If obfuscators do not satisfy you, the third option is to implement your sensitive algorithms in an unmanaged module that contains native CPU instructions instead of IL and metadata. You can then use the CLR's interoperability features (assuming that you have ample permissions) to communicate between the managed and unmanaged portions of your application.
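
The native half of this third option, as an added example that is not code from the original post: a C function exported from an unmanaged module, with the assumed managed P/Invoke declaration shown in a comment. The names `ipcore_score` and `ipcore`, the status codes and the placeholder arithmetic are all hypothetical. The function validates its pointer and length arguments itself because the CLR's bounds checks do not apply on this side of the boundary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Export macro so the symbol is visible to the CLR loader (hypothetical name). */
#if defined(_WIN32)
#define IPCORE_API __declspec(dllexport)
#else
#define IPCORE_API __attribute__((visibility("default")))
#endif

/* Status codes are returned to managed code instead of faulting the host process. */
enum { IPCORE_OK = 0, IPCORE_BAD_ARG = -1 };

/* Upper bound on input length; also keeps the 64-bit accumulator from overflowing. */
#define IPCORE_MAX_ITEMS 1024

/* Assumed managed counterpart (C#), cdecl to match the C default on x86:
 *   [DllImport("ipcore", CallingConvention = CallingConvention.Cdecl)]
 *   static extern int ipcore_score(int[] values, int count, out long result);
 */
IPCORE_API int ipcore_score(const int32_t *values, int32_t count, int64_t *result)
{
    /* Treat every argument from the managed side as untrusted input. */
    if (values == NULL || result == NULL)
        return IPCORE_BAD_ARG;
    if (count <= 0 || count > IPCORE_MAX_ITEMS)
        return IPCORE_BAD_ARG;

    int64_t acc = 0;
    for (int32_t i = 0; i < count; i++)
        acc += (int64_t)values[i] * (i + 1);   /* placeholder for the real algorithm */

    *result = acc;   /* written only on success */
    return IPCORE_OK;
}

int main(void)
{
    int32_t sample[] = { 3, -1, 4 };   /* constructed sample input */
    int64_t out = 0;
    int rc = ipcore_score(sample, 3, &out);
    printf("rc=%d result=%lld\n", rc, (long long)out);
    return rc == IPCORE_OK ? 0 : 1;
}
```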

Thanks to Srini for the feedback that prompted thinking along these lines.
