Where to store sensitive data in a C# assembly?

About

Asked 23/1, 2013 at 22:48 Answered 23/1, 2013 at 22:53

Given that a C# assembly can be easily reverse engineered using reflector, where should I store my sensitive data when compiling an assembly in C#?

I have a X509certificate embedded in my C# assembly in which I need to store the password when accessing the certificate! Now where should I store the certificate password?

Wolverine answered 23/1, 2013 at 22:48 Comment(9)

You can't. Anything that your code can access, the user can also access. – Politics 23/1, 2013 at 22:49

Encryption would be your only option: support.microsoft.com/kb/316898 But ultimately, nothing is secure. – Rhys 23/1, 2013 at 22:50

Keep you sensitive data in protected (encrypted) mode. – Peridium 23/1, 2013 at 22:50

any other solutions? an unmanaged library maybe? – Wolverine 23/1, 2013 at 22:50

You can encrypt part of your app.config file: weblogs.asp.net/jgalloway/archive/2008/04/13/… – Davon 23/1, 2013 at 22:52

The consensus is that it can't be done. See here and here. – Warship 23/1, 2013 at 22:59

@Anon: Encryption doesn't help in the slightest. – Politics 23/1, 2013 at 23:1

@Sepehr: No. The user has complete control over anything running on his machine. – Politics 23/1, 2013 at 23:2

The best I've used is Secure Team (secureteam.net/NET-Obfuscator-Features.aspx) but its not cheap. – Corpuz 25/1, 2013 at 0:56

If you don't mind shelling out some cash, you could take a look at Eazfuscator

The vendor claims to offer Code virtualization, string encryption among other features.

If his claims are valid, this might be what you need.

They have a trial, so i guess it can't hurt to try it out.

Mckie answered 23/1, 2013 at 22:53 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags