|
Which program did you use for ? How can I put my key in a class-level static const.
Dotfuscator Community Edition is not convert variables.
Best Regards...
|
|
|
|
|
I didn't. However, on further analysis it turns out that the value is set from the static constructor of the class. Although it puts off casual crackers, it will not dissuade those who are determined to get the value. By class-level static const, I mean something like this:
internal class Program
{
internal static const string mySecretPassword = "Lorem";
}
However, it cannot compensate for a good obfuscation system and cannot stand on its own
modified on Wednesday, March 11, 2009 12:42 PM
|
|
|
|
|
In your sample not include identifier (for example string), so compiler get error. I try this;
internal class MyClass
{
internal static readonly string mySecretPassword1 = "MySecretKey";
private static readonly string mySecretPassword2 = "MySecretKey";
private const string mySecretPassword3 = "MySecretKey";
internal const string mySecretPassword4 = "MySecretKey";
private static string mySecretPassword5 = "MySecretKey";
internal static string mySecretPassword6 = "MySecretKey";
}
And obfuscation with Dotfuscator Community Edition and Salamander .NET obfuscator. And post build with Xenocode Postbuild 2008 for .NET. But I can see "MySecretKey" when I open obfuscated dll with reflector. In ".cctor()" function.
Note: In C#.NET
const = value assigned at Compile time and unchangeable once established.
readonly = value assigned at run time and unchangeable once established.
|
|
|
|
|
Whoops; I've added string to the code sample. As I said, all that my method does is hide it from a cursory look. It cannot compensate for a dedicated obfuscation package. I have chosen the const keyword because it simply provides safety in case I ever go past the ballmer peak and change its value; my choice was quite deliberate
|
|
|
|
|
A decent obfuscation tool (NOT the one that comes with Visual Studio) will encrypt strings so reflector doesn't show anything useful.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
Which one is better;
Dotfuscator Professional (preemptive)
Salamander .NET obfuscator (remotesoft)
And what is your think about post-build? Do you use Xenocode Postbuild?
Best Regards...
|
|
|
|
|
You're planning to combine relatively insecure ways to hide a key with a very strong encryption algorithm? That strikes me as odd - it's a bit like having 10 locks on your door but putting the key under the doormat.
|
|
|
|
|
I second this comment!
"we must lose precision to make significant statements about complex systems."
-deKorvin on uncertainty
|
|
|
|
|
Good call.
If you were using crypto appropriately, then you wouldnt need to hide the key that the user is going to use.
Alice can't send a secret message to Bob and then have Bob read it sometimes, but not other times. Maths doesnt work that way...
|
|
|
|
|
Ok. How can I Blowfish, Twofish or AES algorithims in ASP.NET project. All of them needs private key.
|
|
|
|
|
You can use them, but you should only use them to encrypt a communication channel. Anything else is not "encryptable" - you may try but it still won't be safe, no matter what.
|
|
|
|
|
Could you explain "encrypt a communication channel"? Is it means SSL certificiate installed and configured server?
|
|
|
|
|
Actually it's more like a fundamental theory in crypto.
Yes SSL "works", because it encrypts traffic between two computers, and that's a communication channel.
Encrypting a communication channel just means that there are 2 parties involved and they can talk to each other, but anyone else who happens to be listening only receives a garbled mess.
Encryption of data only works if the key is guaranteed not to fall into the wrong hands. This guarantee is what makes it impossible, because it means you can't tell to key to anyone, including the program that you want to decrypt the data. This is why passwords don't "work" - they can be stolen (key loggers, fake websites, phishing emails etc). If "the wrong hands" includes the person using the program, obviously the program should not have the key, because no matter what trickery you use the key will at some point be available to the program and thus also to the person operating the computer.
So what I hope, is that you only want to keep the data a secret from "others" - for example other people on the network (LAN/WAN whatever) who could overhear the communication between your site (it's a site right?) and a user. SSL does this, but you could use other algorithms as well (if the client allows it, if it's a program you control you could use anything you want). If the algorithm you want to use is not a public key algorithm you could use something like the Diffie-Hellman exchange to effectively turn it into a public key algorithm.
ps: please do not sue me if you find any errors in what I just said
|
|
|
|
|
I am having a little issue that I figured Microsoft would of changed.
So I am trying to do my reports, which I can only figure out how to do with Datasets. I typically do not use datasets and do everything by writing the code when connecting, and retrieving/insertings information into a database.
So anyways, I am storing everything in the applications settings. Before inserting the information I am encrypting the words so you cannot read it in the XML file. One problem I am having though is that you cannot write a connectionstring. It is readonly?!?
So how do I do these reports (Microsoft reports) without using Datasets?
|
|
|
|
|
well,
what visual studio does when storing connection strings is, it only codes the get method of the "connection string" property. this is an auto generated code,you will find it in a file called "Settings.Designer.cs"
you will find a code roughly like this
<br />
[global::System.Configuration.ApplicationScopedSettingAttribute()]<br />
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]<br />
[global::System.Configuration.SpecialSettingAttribute(global::System.Configuration.SpecialSetting.ConnectionString)]<br />
[global::System.Configuration.DefaultSettingValueAttribute("Default Connetction string")]<br />
public string Setting {<br />
get {<br />
return ((string)(this["Setting"]));<br />
}<br />
set<br />
{<br />
this["Setting"] = value;<br />
}<br />
}<br />
delete the default connection string and assign it before trying to fill the dataset
hope it works for you,
|
|
|
|
|
Sweet that looks like exactly what I needed! Thanks!
|
|
|
|
|
how do we make a network in graph topology.
|
|
|
|
|
I have no idea what you are on about. Is this a network related question by any chance. i.e. wrong forum?
Life goes very fast. Tomorrow, today is already yesterday.
|
|
|
|
|
Hi. Until now, I've been working only in C#, but only Web Sites. Now I tried to make something in C# for Applications and I have this problem: when you make Web Sites, you have DropDownList. In the dropdownlist I can assign a value to each member from the list and get it later with
DropDownList1.SelectedItem.Value; With the combobox in applications I don't have the same value option. When I write
comboBox1.SelectedItem I don't have the option to retrieve or to assign a value to the item I'm putting in the list.
I need this option for working with databases, because I fill the combobox from a database, and I want the value of the items to be the ID assigned in the database. I use Visual Studio 2008.
|
|
|
|
|
comboBox1.SelectedValue and you have to use DataSource , DisplayMember and ValueMember .
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN%
Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
--------------------------------------------------------
128 bit encrypted signature, crack if you can
|
|
|
|
|
I have a list view with 3 columns and I want to display an image in 3rd column during run time.
I've not find any direct method to do this, Then I approached DrawSubItem event. But I am not able to achieve my requirement as it is continuosly paiting.
I think I need to go for customization. But I am new to C# and I am in need of somebody's help.
Can anyone please help me in getting the solution?
|
|
|
|
|
http://www.codeproject.com/KB/list/OAKListView.aspx[^]
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/|+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKSQXUFYK[M`UKs*$GwU#(QDXBER@CBN%
Rs0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaK-iTV.C\y<pjxsg-b$f4ia>
--------------------------------------------------------
128 bit encrypted signature, crack if you can
|
|
|
|
|
Hi all,
How to convert html to pdf?
I am using Itextsharp.dll as my library, cause i found 2 other library but are under License so i cant use it
i tried to follow the ExpertPDF method of geting the property but i just cant not get it to work
private PdfDocument GetPDFConverter()
{
int pageWidth = 0;
int pageHeight = 0;
PdfDocument pdfConverter = new PdfDocument(pageWidth, pageHeight); <-- (The type 'iTextSharp.text.pdf.PdfDocument' has no constructors defined)
pdfConverter.GetRight = false; <--error also
return pdfConverter;
}
How can i do it?
As i not sure how to read the data from the library
Thank You
|
|
|
|
|
|
I would follow Yusuf[^]'s advice below where you posted a very similar question[^].
|
|
|
|