Coffeehouse Thread

25 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

.NET applications basically force you to "open source"

Back to Forum: Coffeehouse
  • User profile image
    turrican

    Hmmm... .NET applications are basically open source, no? I mean, unless you use stuff like "Dotfuscator".

    I hope I am completely off and wrong, but I don't think I am.

    Sad

  • User profile image
    DCMonkey

    They're more easily decompiled to source code than native apps. They're not "open source".

  • User profile image
    Maddus Mattus

    It's illegal to decompile .net dll's.

     

    Don't cha know?

     

    Open source is different then being able to read the sourcecode.

  • User profile image
    turrican

    DCMonkey said:

    They're more easily decompiled to source code than native apps. They're not "open source".

    Yes, but you can fully see the source, that's what I meant by "open source" though, not the *GPL*thingy.

     

    Isn't this a.. hmm, bad thing?

  • User profile image
    turrican

    Maddus Mattus said:

    It's illegal to decompile .net dll's.

     

    Don't cha know?

     

    Open source is different then being able to read the sourcecode.

    You can fully see the source, that's what I meant by "open source" though, not the *GPL*thingy.

    Sorry, I perhaps chose the wrong word.

  • User profile image
    vesuvius

    turrican said:
    DCMonkey said:
    *snip*

    Yes, but you can fully see the source, that's what I meant by "open source" though, not the *GPL*thingy.

     

    Isn't this a.. hmm, bad thing?

    You can full see the public methods, not private methods hence not everything. All managed languages have this problem, including Java, so you need a good solicitor/lawyer and get the full pre-emtive solutions package. I would also strongly recommend ou use the keyword internal in your programs.

     

    In general I have found that unless you work for Microsoft, most successful applications become so complex that you need experts to attempts to de compile and figure out what is going on - with MS it may well be work getting their source.

     

    Most of these "reflector gurus" are far too expensive to use cracking competitors products, as they are usually skilled enough to create whatever it is you are trying to hack/crack/sniff or whatever the word is.

  • User profile image
    mstefan

    turrican said:
    Maddus Mattus said:
    *snip*

    You can fully see the source, that's what I meant by "open source" though, not the *GPL*thingy.

    Sorry, I perhaps chose the wrong word.

    There's several ways you can handle the issue if you have algorithms that you don't want to expose; obsfucation is one, another is to use a mixed code model where your sensitive code is accessed via a native code library that's compressed and encrypted. All said though, if someone really wants to see what you're doing, they can. It's really just a matter of the amount of work that they're willing to put into it.

     

  • User profile image
    Minh

    It boils down to... no code is really (really) hidden, so forget it... Use other means to protect your code... copyright... put it on a server in the cloud...

  • User profile image
    rhm

    OMG, this subject has been done to death since day one of .NET.

  • User profile image
    Bas

    rhm said:

    OMG, this subject has been done to death since day one of .NET.

    I was pretty sure this was a thread from 2004 that some spammer resurrected. Then I saw the '#Today' on the first post. Sad

  • User profile image
    Bass

    If you are worried about people stealing your codes you should probably not distribute any client software, and do everything web or thin-client based.

  • User profile image
    Maddus Mattus

    Bass said:

    If you are worried about people stealing your codes you should probably not distribute any client software, and do everything web or thin-client based.

    Maybe he's afraid because he writes sloppy code Wink

  • User profile image
    turrican

    mstefan said:
    turrican said:
    *snip*

    There's several ways you can handle the issue if you have algorithms that you don't want to expose; obsfucation is one, another is to use a mixed code model where your sensitive code is accessed via a native code library that's compressed and encrypted. All said though, if someone really wants to see what you're doing, they can. It's really just a matter of the amount of work that they're willing to put into it.

     

    Maybe it's just me but shouldn't Microsoft maybe buy dotfuscator and make it built-in for .NET or something? I know that there is a "light" version of it is in VS but that's a bit... meh...

  • User profile image
    W3bbo

    Maddus Mattus said:

    It's illegal to decompile .net dll's.

     

    Don't cha know?

     

    Open source is different then being able to read the sourcecode.

    It isn't illegal to reverse-engineer things.

     

    If you look at (properly written) EULAs, they'll say you're prohibited from reverse-engineering "to the extent" of local laws. Things like the DMCA are a problem, but specifically outlaw circumvention, which is an application of knowledge gained by reverse-engineering, RE itself remains legal.

     

    Anyway turrican: the applications you've discussed with us so far don't seem that complex enough to warrant any kind of special protection.

  • User profile image
    mstefan

    turrican said:
    mstefan said:
    *snip*

    Maybe it's just me but shouldn't Microsoft maybe buy dotfuscator and make it built-in for .NET or something? I know that there is a "light" version of it is in VS but that's a bit... meh...

    I've always wondered why they didn't just integrate that functionality directly into the compiler.

  • User profile image
    turrican

    W3bbo said:
    Maddus Mattus said:
    *snip*

    It isn't illegal to reverse-engineer things.

     

    If you look at (properly written) EULAs, they'll say you're prohibited from reverse-engineering "to the extent" of local laws. Things like the DMCA are a problem, but specifically outlaw circumvention, which is an application of knowledge gained by reverse-engineering, RE itself remains legal.

     

    Anyway turrican: the applications you've discussed with us so far don't seem that complex enough to warrant any kind of special protection.

    I don't think I have discussed any of my applications in here, but how is that relevant to my thread?

    Smiley

  • User profile image
    turrican

    mstefan said:
    turrican said:
    *snip*

    I've always wondered why they didn't just integrate that functionality directly into the compiler.

    Me too, it just screams to be built into the compiler imho.

  • User profile image
    Minh

    turrican said:
    W3bbo said:
    *snip*

    I don't think I have discussed any of my applications in here, but how is that relevant to my thread?

    Smiley

    MS had to make a choice...

     

    whether to make code discoverable (System.Reflection)... and malleable which is required for stuff like dynamic classes, dependency-injection, aspect-programming...

     

    or

     

    obsfucation...

     

    I'm glad they chose the former... which is actually harder to do

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.