c# - Protection offered by using assembly StrongName? -

-

i strongname don't prevent reflection - that's job of obfuscator. beyond creating rather unique names, cryptographic purpose or protection of using strongnames?

assume

  1. myassembly has internal classes , methods, exposed via [assembly: internalsvisibleto("myassemblytest, publickey=realrsapublickey")] to

  2. myassemblytest, testing assembly.

both assemblies have strongnames, perhaps using same rsa key pairs.

what prevents

  1. stripping signature on myassembly
  2. creating fake/dummy rsa key pair
  3. modifying assembly attribute [assembly: internalsvisibleto("myassemblytest, publickey=fakersapublickey")]
  4. re-signing myassembly own fake/dummy rsa key pair
  5. consuming internals inside own assembly, maliciousassembly

i guess i'm not clear strongnaming's real duties ... appreciate insight.

the primary purpose of giving assembly strong name preventing malicious users of else's code uses assembly substituting code own.

consider situation: make transmitsecret.dll assembly give customers communicate server in secure way. if transmitsecret.dll not signed, malicious users able write own module presents same interface yours, wrap code in own malicious code, intercept of "secure" transmissions of customer, , send copy own server. able without having access source code of customers, replacing dll theirs.

if transmitsecret.dll signed, however, , customers' code linked against it, trick swapping assemblies not going work: when customers' code try loading transmitsecret.dll, .net notice change, , stop program starting up.


Comments

Post a Comment

Popular posts from this blog

c# - How Configure Devart dotConnect for SQLite Code First? -

-
can configure following sample code ? when run following code, error : no entity framework provider found ado.net provider invariant name 'devart.data.sqlite' setting in machine.config <system.data> <dbproviderfactories> <add name="dotconnect sqlite" invariant="devart.data.sqlite" description="devart dotconnect sqlite" type="devart.data.sqlite.sqliteproviderfactory, devart.data.sqlite, version=4.6.287.0, culture=neutral, publickeytoken=09af7300eec23701" /> </dbproviderfactories> </system.data> after add below block code in app.config <?xml version="1.0"?> <configuration>   <configsections> <!-- more information on entity framework configuration, visit http://go.microsoft.com/fwlink/?linkid=237468 --> <section name="entityframework" type="system.data.entity.internal.configfile.entityframeworksection, entit...
Read more

java - Copying object fields -

-
what best way of copying classes when need have 2 independent variables? have simple class: public class myclass { boolean = false; string b= "not empty"; } do need make method : assign(myclass data ) { a= data.a; b= data.b; } is there automatic method copy (duplicate) objects in java? do need make method : pretty close. instead of making method, should make constructor. such constructors called copy constructor , , create them this: myclass(myclass data) { = data.a; b = data.b; } and create copy of instance, use constructor this: myclass obj1 = new myclass(); myclass obj2 = new myclass(obj1); copy constructor can tedious : using copy constructor create deep-copy can tedious, when class has mutable fields. in case, assignment create copy of reference, , not object itself. have create copy of fields (if want deep copy). can go recursive. a better way create deep copy serialize , deserialize object. why not use clone()? ...
Read more

c++ - Clear the memory after returning a vector in a function -

-
i have function processes , stores lot of data in , returns results vector of class. amount of data stored in function tremendous , want clear storage memory of function after finished job. necessary (does function automatically clear memory) or should clear memory function? update: vector<customers> process(char* const *filename, vector<int> id) { vector<customers> list_of_customers; (perform actions) return list_of_customers; } variables defined locally within function automatically released @ end of function scope. destructors objects called, should free memory allocated objects (if objects coded correctly). example of such object std::vector . anything you've allocated new must have corresponding delete release storage. try avoid doing own allocation , use raii instead, i.e. containers or smart pointers.
Read more