Ken Ismert
KIsmert at texassystems.com
Tue Sep 27 12:05:33 CDT 2005
>>But AFIK .NET pCode is almost human readable, and >>certainly very easy to reverse engineer. You have a good point, Lambert, and that prompted me to do some quick research: .NET programs are compiled to MSIL (a kind of p-Code) a common Intermediate Language which is then executed by the Common Language Runtime (CLR). MSIL is stored in .NET assemblies, which, along with descriptive metadata, are both housed in the DLL and EXE files produced by .NET compilers. The CLR converts MSIL to machine code using a JIT compiler at execution time. Because MSIL is a fairly straightforward conversion of a higher-level language, it is easy to decompile, especially with the help of the metadata. However, Code Obfuscators exist which will protect the internals of your code. In fact, Visual Studio .NET 2003 and 2005 ship with basic obfuscators. So, you are right, .NET is not secure 'out of the box'. But, there are well known ways to secure your code. The level of security you want will determine how much money and effort you are willing to spend. Certainly, there is a tug-of-war between obfuscator and the decompiler technology. But, at least in .NET you can get a reasonable level of security for your hard-won code. With Access, there is nothing beyond the unacceptably insecure mde format. And that seems unlikely to improve. -Ken References: Intellectual Property Protection and Code Obfuscation http://www.15seconds.com/issue/040310.htm Decompiling .NET Assemblies http://aspnet.4guysfromrolla.com/demos/printPage.aspx?path=/articles/080 404-1.aspx