Is the C # language recommended to be distributed online with a database?

Question

Is the C # language recommended to be distributed online with a database?

Navigation

#1 by (11 votes)

7

It is very easy to get the entire code from a C # program using .NET Reflector.

Would it be possible for me to put the same security in a C # program as a program made in C ++? I found this answer in Stack Overflow in English but even in the comment says that you can still get the program code.

I do not think it's cool to see my code, I'm not saying that C ++ is totally secure or something, I confess I do not know much about it. But for all I researched, C ++ would not be able to get all the code as is possible in C # .

But the question is about C # and not C ++. I really like C # and was wondering if I can really rely on using a database password in C # just by using one of the programs to "hide code" from .NET Reflector. If not, would C ++ be a good fit?

c++ c# .net

asked by anonymous 01.02.2016 / 17:33

1 answer

How to solve duplicate PHP object? What does the application gain using Type Hint?

score 11 · Accepted Answer

The security problem lies with the programmer and not with the language. When you use the wrong technique, you will get the wrong solution.

Executable Security

In any language you can get passwords inserted inside your executable. The solution is simple. Do not do this!

C ++ produces native executables, that is, machine code. But that does not mean that passwords are protected, on the contrary. Not even the code is protected. A disassambler can redo the code in Assembly . There are decompilers that can also produce C / C ++ code from an executable. The results are not good, but it's possible.

Decompiling C # allows you to generate better codes, that's all. But not perfect. And it has how to generate native code with C #, it already existed before with Ngen and now you have more facilities with .Net Native .

Do not worry too much about the fact that the code can be more easily decompiled, and in a specific circumstance (this is not even related to the language itself, but to the way it is implemented, which is a transient feature). This causes fewer problems than it seems. In fact, I've never really seen a problem.

Protect passwords

First try not to put a password in the executable or send it to a file. Are you sure it's necessary? You have no other way to do this? Get creative!

If you need a password, why not put it in the user's hand? Is not it a better solution to let the user create a password for it (or do you create it in some way) and access it by typing the password?

You have techniques for not having to enter the password in the solution .

If you really do not have a way and have to put the database password together with the application, you do not have to put it inside the executable. Put it in an auxiliary file. It even has a .Net standard to do this. And do it in an encrypted way, obviously. This protects the password. Not 100%, but protect.

You've already searched the OS, search for the right reason . See . Net already thought about it and got the solution ready .

For this problem it does not make any difference to use C ++ or C #. In fact, you're likely to find fewer ready-made solutions in C ++ than in C #.

You can ask specific questions about the subject or other things. But be careful because your idea of security is far from reality. Do not believe anything without having information that confirms this unequivocally. For this we are here.