Security and obfuscation
3 replies. Latest Post by ssware on November 20, 2009.
decius
Member
26 points
66 Posts
11-04-2009 5:02 PM |
Just curious about others' thoughts on this, but it seems to me that the only way to obtain security that is built into an SL application is to obfuscate the assembly.
Here's what's making me think that:
A malicious user could easily get ahold of the .xap package (even though not authenticated). They could easily decompile the .dll containing logic for Principal and Identity classes and modify the code to allow all users to be authenticated. They could then recompile and hit the exposed endpoints and voila, they have access... Am I crazy for thinking this?
bryant
Star
9937 points
1,629 Posts
11-04-2009 6:11 PM |
The only thing that isn't secure in Silverlight is your code since it can be decompiled.
So it shouldn't represent a security threat any more than the HTML code (and JavaScript) in a web page would.
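The same point in code, as an added example that is not part of the original thread: an endpoint that believes the client's own Principal can be fooled by a modified .xap, while one that checks a server-issued session token cannot. The `Request` and `OrderService` types, the endpoint names and the sample credentials are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical request: every field is chosen by the client, which may be
// a build of the .xap that was decompiled and modified.
class Request
{
    public string Token;             // opaque value the server issued at login
    public bool ClaimsAuthenticated; // what the client-side Principal reports
}

class OrderService
{
    // Session table lives only on the server and never ships in the .xap.
    private readonly Dictionary<string, string> sessions = new Dictionary<string, string>();

    public string Login(string user, string password)
    {
        // Constructed credential check standing in for a real user store.
        if (user != "alice" || password != "correct horse") return null;
        var bytes = new byte[32];
        RandomNumberGenerator.Create().GetBytes(bytes);
        string token = Convert.ToBase64String(bytes);
        sessions[token] = user;
        return token;
    }

    // Weak: believes the client's statement about itself.
    public string GetOrdersTrustingClient(Request r) =>
        r.ClaimsAuthenticated ? "200 orders" : "401";

    // Corrected: ignores the claim and checks state only the server holds.
    public string GetOrders(Request r)
    {
        if (r.Token == null || !sessions.TryGetValue(r.Token, out string user)) return "401";
        return "200 orders for " + user;
    }
}

class Demo
{
    static void Main()
    {
        var svc = new OrderService();
        var forged = new Request { ClaimsAuthenticated = true }; // modified client, no login
        Console.WriteLine(svc.GetOrdersTrustingClient(forged));
        Console.WriteLine(svc.GetOrders(forged));
        Console.WriteLine(svc.GetOrders(new Request { Token = svc.Login("alice", "correct horse") }));
    }
}
```

With the check on the server, obfuscating the client assembly changes how readable the code is, not who can reach the data.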
11-05-2009 8:20 AM |
Yeah, I see exactly what you mean. The ability to run .NET on the user-client lures me to wanting to do the same server-side logic in my code I'm used to, which when I think about it, and after reading your post, it's a much different beast. It's hard to remind myself of that because once I get in csharp mode, I'm used to thinking/analyzing a certain way....
Thanks
ssware
14 points
7 Posts
11-20-2009 6:05 AM |
To prevent end-users from analysing your xap files, you should obfuscate the assemblies in the xap files using an obfuscator such as Crypto Obfuscator (http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm) which supports Silverlight.