-
Sep 11th, 2002, 08:21 PM
#1
Thread Starter
New Member
Security in VB.net
Since the .NET Framework has a similar idea to Java, the program will be compiled into MSIL (like byte code in Java). So a program written in a .NET language can be decompiled, just like a Java program. Therefore the string parameters for the login to the server and database can be retrieved by the decompiler if they exist. Then the security will be easy to break down?
-
Sep 11th, 2002, 11:10 PM
#2
This is pretty much true.
-
Sep 12th, 2002, 03:04 AM
#3
Member
security
The code can be cracked, but the data sent from and to the server will be encrypted (usually by using Kerberos). Therefore the type of security can be cracked, but not the security itself???
Don't know much about security, so is this correct what I am saying or is it just a lot of bull?
Dozo
-
Sep 12th, 2002, 04:06 AM
#4
Hyperactive Member
Since the .NET Framework has a similar idea to Java, the program will be compiled into MSIL (like byte code in Java).
Unlike Java which the JVM converts to bytecode, the .NET JIT Compilers compile IL to native machine code therefore resulting in better performance.
Yes, security is a problem for .NET but the tradeoffs are for self-describing assemblies and metadata which eases development, implementation and integration time. Reverse-engineering exists throughout the software programming world regardless of languages. A good software architecture and design might alleviate some of these problems.
++++++++++++
For the password, ALWAYS save it in an encrypted format in another file like db.pwl (Save it with text pad). Encrypt the password using some form of encryption like RC4 or Base64 or even create your own encryption techniques if you want to. Before passing this value into the connection string, decrypt it with the same techniques and principles.
++++++++++++
To me, it seems that moving from the client-server app towards the browser-server app is what .NET is targeting. Once your code resides on a secure server, you will not have unwanted people disassembling your assemblies.
There are a couple of software developers selling tools that prevent reverse-engineering of .NET assemblies, and they are EXPENSIVE !!!
www.remotesoft.com
Read this article for more info....
http://www.windevnet.com/documents/s...208b/0208b.htm
William T
Software Architect / Chief Software Developer
Softwaremaker.Net Pte Ltd
http://www.Softwaremaker.net
*** Things are always the darkest before they go pitch black ***
-
Sep 12th, 2002, 11:52 AM
#5
Thread Starter
New Member
It is true that the .NET vision is for the internet and intranet. Somehow if we still need to program some client-server program, or a program that needs ADO, then the parameter can be retrieved by the decompiler. So do you think this kind of program is better staying with VB6, or is VB.NET secure enough for it?
-
Sep 12th, 2002, 02:59 PM
#6
Hyperactive Member
Re: Security in VB.net
Originally posted by paopao
Since the .NET Framework has a similar idea to Java, the program will be compiled into MSIL (like byte code in Java). So a program written in a .NET language can be decompiled, just like a Java program. Therefore the string parameters for the login to the server and database can be retrieved by the decompiler if they exist. Then the security will be easy to break down?
Well, any program can be decompiled into ASM. If you're just hard-coding the password as a string, then all you need is a hex editor to read it.
MSIL (the so-called byte code you compile to) is converted into machine code by the JIT (the framework's Just-In-Time compiler), so I don't think it would be any easier to decompile a .NET assembly than any other application. Just keep in mind that a determined hacker can decompile any program (whether it's a .NET assembly or not) to retrieve whatever info he wants from it. That's why you should never hard-code sensitive information; keep all that stuff on a server.
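
The point in post #6, that a hard-coded password can be read straight out of the compiled file, can be turned into a pre-release check on your own build output. This is an added example, not code from any poster in this thread; the function names and the sample bytes are constructed for illustration.

```python
import re

# Credential-bearing keys in ADO / ADO.NET style connection strings.
PAIR = re.compile(r"(?i)\b(password|pwd)\s*=\s*([^;\x00]+)")

def printable_runs(data: bytes, min_len: int = 6):
    """Yield (encoding, text) for printable ASCII and UTF-16LE runs.

    .NET keeps string literals as UTF-16LE in the assembly's #US heap,
    so an ASCII-only scan would miss them.
    """
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield "ascii", m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield "utf-16le", m.group().decode("utf-16le")

def find_hardcoded_credentials(data: bytes):
    """Return (encoding, key, value_length) per embedded credential.

    Only the length is reported so the scanner's own output (for
    example a CI log) does not become another copy of the secret.
    """
    findings = []
    for encoding, text in printable_runs(data):
        for key, value in PAIR.findall(text):
            findings.append((encoding, key.lower(), len(value.strip())))
    return findings

# Constructed sample bytes standing in for a compiled binary: one
# UTF-16LE literal, one ASCII literal, and one harmless string.
SAMPLE = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 8
    + "Server=db01;Database=Orders;User Id=app;Password=Constructed-Pw-1;"
      .encode("utf-16le")
    + b"\x00\x00\x13\x01"
    + b"Provider=SQLOLEDB;Data Source=db01;Pwd=constructed2;\x00"
    + b"\x01\x02no secrets in this run\x00"
)

if __name__ == "__main__":
    for finding in find_hardcoded_credentials(SAMPLE):
        print(finding)
```

To check a real build artifact, pass the bytes of the file to `find_hardcoded_credentials` and fail the build when the returned list is not empty.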
-
Sep 12th, 2002, 08:04 PM
#7
Thread Starter
New Member
I agree with your comment, but somehow we are not always programming on the server side. Sometimes we need some desktop solution. Then we need to hard-code. Since a hacker can hack anything they want, I agree, but a normal user with the decompiler can retrieve information without knowing much about computers. I can retrieve Java code without knowing how to program Java.