Print Page | Close Window

Could you please advise how I can hide the business logic from disassembling?

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce Classic
Forum Discription: For .NET 2.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=151
Printed Date: 01-Apr-2025 at 3:04pm


Topic: Could you please advise how I can hide the business logic from disassembling?
Posted By: Customer
Subject: Could you please advise how I can hide the business logic from disassembling?
Date Posted: 12-Jul-2007 at 11:55am

Could you please advise how I can hide the business logic from disassembling?

I went through your docs but did not find any help on this.


Replies:
Posted By: IdeaBlade
Date Posted: 12-Jul-2007 at 11:56am
There are no facilities in DevForce to hide the business logic from disassembly, and, in fact, you are the first customer that I know of that has asked us for this capability. 
 
The term for "hiding business logic from disassembly" is called "obfuscation".  There are some obfuscation utilities that ship with Visual Studio.  Desaware is one company that I know of that has a good tool.  A quick search of the Internet provided me with a general article that talks about how to select an obfuscation tool.
 
http://www.howtoselectguides.com/dotnet/obfuscators/ - http://www.howtoselectguides.com/dotnet/obfuscators/

Posted By: Customer
Date Posted: 12-Jul-2007 at 11:58am
In one of our earlier conversations you mentioned that obfuscation is not recommended and I do feel it will slow down the performance. Our projects are HUGE and hiding the business logic is a must for us. I understand that it is the .NET architecture but I would expect DevForce to provide its customers some solution to hide the business logics. Must see if there is anyway to embed the assembly within another assembly.  

I will try out the obfuscators.

Posted By: IdeaBlade
Date Posted: 12-Jul-2007 at 11:59am
It's not so much an issue that we think obfuscation can't be an important issue to our customers.  Rather, it's just not the business we are in.  We think security is important too, but we don't develop security protocols.
 
Here is some additional advice:
 
(1)    I don't think performance is an issue.  My understanding is that the obfuscated code should run as fast as code that is not obfuscated,
 
(2)    Decide which part of your code really needs to be obfuscated and which part doesn't. I'd suggest using as little obfuscated codes as possible.
 
(3)    Put as much logic in your middle tier.  The middle tier is presumably behind a firewall and the code on the middle tier then shouldn't need to be obfuscated.
 
(4)    If you do decide to use obfuscation, you won't be able to do relection on the obfuscated code.  In additional, it will be difficult to debug obfuscated code.
 
(5)    You can also use encryption, and then unencrypt  before loading your assemblies (Not so easy to do, but it is possible).


Print Page | Close Window