Al, Net apps can be fairly easily reverse engineered via using a standard feature within .NET called reflection. All the info is there within the assembly that you need to get back to the original code. However, what you end up doing is producing the intermediate code not the original C# or VB code exactly. That is why there is an Obfuscator built into VS which can be used as well as or in lieu of a 3rd party product.
Judging by some of the 3rd party code I've been dealing with recently, they don't need any obfuscator at all! As Ted has said, no system is completely secure for those who are determined no matter what. I would ask the question though as to how many people have in fact had their applications "ripped off". Not many would be my guess and it is a little like the "urban myth" syndrome where everyone knows somebody who in turn knows someone who etc etc. Good software competitively priced will very rarely be ripped off. It simply isn't worth the time and effort. After all, if you give the source code to a client (as in say a GPL) they don't or wouldn't know what the hell to do with it. Dave Crozier -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Profox Sent: 13 November 2008 15:31 To: profox@leafe.com Subject: RE: Splitting of Distributable VFP System Ok Ted Now diversified from the original remark I made which I still think was correct, but this is of interest to me as I'm getting more into web apps. Now I understand that outside the web server the code cannot be seen unless you do something silly, but I understood that .net apps, although they compile, can be easily decompiled. Is this not the case ? Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ted Roche Sent: 13 November 2008 17:22 To: [EMAIL PROTECTED] Subject: Re: Splitting of Distributable VFP System On 11/13/08, Profox <[EMAIL PROTECTED]> wrote: > And web app's are secure why ? or was that a joke too :) "Security" isn't a feature or a checkbox that's on or off. It's a process. And there's lots of ways to screw it up on all kinds of installations. There's "secure against code theft" and there's "secure against misuse of services" and there's "secure against information disclosure" that are all different though related concerns. This thread started out talking about the first one. [excessive quoting removed by server] _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
