Member Avatar for reanopp

Hi guys,

We have some sensitive information in a Visual C#.NET app (an app that needs to be distributed to end-users). Examples of this information would be a connection string for a MySQL database on our servers, and encryption keys that the program uses to decrypt some datafiles.

When the program is compiled, even using something as simple as .NET Reflector to "decompile" it exposes all this information. Well, it obviously exposes EVERYTHING in the source code, but that's .NET for you. Problem remains, they can see the username/password for the MySQL database, the key to decrypt the license files, hell - even the method that performs the decryption.

Obfuscation won't work in this case, because no matter how unreadable you make the source code, those strings are easy to identify.

Anyone have any ideas?

  • 2 Contributors
  • 4 Replies
  • 92 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by reanopp

Recommended Answers

All 4 Replies

Member Avatar for Salem

Arrange to distribute the sensitive information by another channel to known individuals at each client site.

Member Avatar for reanopp

That's unfortunately not an option, since most of the targeted end-users (it's a commercial product) wouldn't know what an encryption key or db connection string even is.

Member Avatar for Salem

Consider it an opportunity to sell some training then.

Member Avatar for reanopp

I rather see this as an opportunity to find out how other people protect certain pieces of information inside their source code :P

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.