Security in I.T

**Nightwalker83** · Aug 5th, 2009, 05:15 AM

Hi,

Now as a web design/development student I am familiar with the coding and design practices associated with that stream, like people in the Software, Multimedia and Networking, etc streams. However, I have noticed that unlike software web design or multimedia do no have any assurances to protect the code, etc from people abusing something someone else has created. Yeah, I no their have been cd/dvd writers around for awhile now. However, I wanted to discuss what practices are in place to protect a piece of work. I am familiar with the VB 3/4 de-compiler and am a ware that there is not one (I'm ware of) for Visual Basic 5/6/.NET. Now, has anyone created a de-compiler for those languages or are they uncrackable?

The opposite applies in web design where the whole world can pinch the raw data from a website. All someone would need to do is browse to a website than view the source then select the link say of an image and put the link in the address bar and press enter. This goes straight to the location the file is stored at no questions asked. The only web language I have used that is somewhat protective is php because it is a server-side language it is not displayed in the source code in the browser.

Ok! Back to the topic at hand. What practices or technology is in place to assist us in I.T against people stealing our code, etc?

Thanks,

Nightwalker

**chris128** · Aug 5th, 2009, 09:45 AM

I am familiar with the VB 3/4 de-compiler and am a ware that there is not one (I'm ware of) for Visual Basic 5/6/.NET. Now, has anyone created a de-compiler for those languages or are they uncrackable?

Unless I'm missing something then you are very wrong, .NET program source code is extremely easy to get. Just run a free tool like Reflector on your target assembly and there you go (http://www.red-gate.com/products/reflector/)

Also, I'm no web programmer but isnt ASP.NET a server side platform as well? (so the same thing that you applies to PHP would apply to that as well). Oh and one other thing

saying something like security in IT is very vague, IT has sooo many different parts to it (programming, networking, hardware, databases and files etc etc) and also you are not really talking about security here, more just about protecting your source code.

**Nightwalker83** · Aug 5th, 2009, 11:44 PM

Originally Posted by chris128

Unless I'm missing something then you are very wrong, .NET program source code is extremely easy to get. Just run a free tool like Reflector on your target assembly and there you go (http://www.red-gate.com/products/reflector/)

Ah ok! I assumed that .NET would have been secure like VB5/6 not reverting back to the days of VB 3/4. I haven't used VB.Net!

Also, I'm no web programmer but isnt ASP.NET a server side platform as well? (so the same thing that you applies to PHP would apply to that as well). Oh and one other thing

saying something like security in IT is very vague, IT has sooo many different parts to it (programming, networking, hardware, databases and files etc etc) and also you are not really talking about security here, more just about protecting your source code.

Yes, however, mentioned above php is the only one I have used. Yeah, I thought about that after I posted but I could decide on what I was really talking about.

**DeanMc** · Aug 13th, 2009, 04:50 AM

.NET code is easy enough to get too from a .DLL in fact I remember a while ago loosing the source to x:Light so I just broke open the .DLL and went from there.

**Shaggy Hiker** · Aug 13th, 2009, 01:04 PM

No language is totally secure. VB5/6 was a bit harder to crack, but no harder than C/C++ or ASM, because in the end, it is all turned into machine code, which can be all turned into ASM (there is a 1:1 correspondence), and probably into something like C. The whole point is to make cracking the code more difficult than is justifiable for the hacker. In the case of things I write (highly specialized freeware), that level is so low that if I provided the source code along with the program, people STILL probably wouldn't even look at it. If your code is a commercial package, then the calculus is different.

**chris128** · Aug 13th, 2009, 01:07 PM

yeah some people do just not even bother with this kind of security because its simply not worth the time or expense - I remember decompiling one program into ASM and finding a string in it that just said "well done, you found the product key algorithm. It wasnt exactly hard though was it..." or words to that effect

**Shaggy Hiker** · Aug 13th, 2009, 01:17 PM

One of the original Wolfenstein 3D levels from Id Software had a mini-game built into it where the first X number of people who called in with a certain word, found hidden in the middle of a maze on a secret level, would receive some kind of prize. Hackers decompiled the source code and read the word out, thereby rendering the contest pretty silly.

**chris128** · Aug 13th, 2009, 01:31 PM

haha good old hackers

**Nightwalker83** · Aug 13th, 2009, 07:38 PM

Originally Posted by Shaggy Hiker

No language is totally secure. VB5/6 was a bit harder to crack, but no harder than C/C++ or ASM, because in the end, it is all turned into machine code, which can be all turned into ASM (there is a 1:1 correspondence), and probably into something like C. The whole point is to make cracking the code more difficult than is justifiable for the hacker. In the case of things I write (highly specialized freeware), that level is so low that if I provided the source code along with the program, people STILL probably wouldn't even look at it. If your code is a commercial package, then the calculus is different.

Ah, ok! I'm just wondering about this code protection, etc because I mentioned in the first post web don't have any protection against the source theft. Unlike software, until or if someone manages to crack the protection. I was wondering if there are infact precautions someone like myself it the web sterm could take to protect our code, etc?

Originally Posted by Shaggy Hiker

One of the original Wolfenstein 3D levels from Id Software had a mini-game built into it where the first X number of people who called in with a certain word, found hidden in the middle of a maze on a secret level, would receive some kind of prize. Hackers decompiled the source code and read the word out, thereby rendering the contest pretty silly.

LOL!The life of programmer must to dull sometimes.

**chris128** · Aug 14th, 2009, 03:56 AM

But like we have said ASP.NET and PHP, possibly the two most popular web languages, do have 'protection' because the actual source code is not what the user can access. The source code runs on the server side and produces the HTML that the client sees.

**Nightwalker83** · Aug 14th, 2009, 05:07 AM

Originally Posted by chris128

But like we have said ASP.NET and PHP, possibly the two most popular web languages, do have 'protection' because the actual source code is not what the user can access. The source code runs on the server side and produces the HTML that the client sees.

Yeah, however, the other stuff such as image urls, etc will be in html, that is unless you can send a request to the server and load the whole site via php or asp.net?

**chris128** · Aug 14th, 2009, 06:20 AM

I didnt think of image URLs as being part of an application's source code really but if you really wanted to hide them then there are ways of doing it. I've seen several web sites that dont have any easy way to get at the image URLs but I'm no web developer so I've never tried to do it myself.

**Nightwalker83** · Aug 14th, 2009, 08:18 PM

Originally Posted by chris128

I didnt think of image URLs as being part of an application's source code really but if you really wanted to hide them then there are ways of doing it. I've seen several web sites that dont have any easy way to get at the image URLs but I'm no web developer so I've never tried to do it myself.

I don't know about software but for web sites I'm wondering if it's possible when creating the website in php or asp.net where the object you want on the screen would be returned as an echo:

PHP Code:


<?php 

session_start()&#894; 

include 'cart.php'&#894; 

$cart = new Cart()&#894; 

$counter= $_SESSION['counter']&#894; 

if ($counter==0) 

echo"<br><br><p><b> Your Shopping Cart is 

empty !!! </b></p>"&#894; 

else { 

$cart = unserialize($_SESSION['cart'])&#894; 

$depth = $cart*>get_depth()&#894; 

echo"<h1>Shopping Cart</h1>"&#894; 

echo "<table border=1>"&#894; 

echo"<tr><td><b>Item 

Name</b></td><td><b>Quantity</b></td><td><b> 

Price</b></td></tr>"&#894; 

for ($i=0&#894; $i < $depth; $i++) 

{ 

$item = $cart*>get_item($i)&#894; 

$deleted = $item*>deleted&#894; 

if (!$deleted){ 

$item_id = $item*>get_item_id()&#894; 

$item_name = $item* 

>get_item_name()&#894; 

$qty = $item*>get_qty()&#894; 

$price = $item*>get_price()&#894; 

$total_price = $total_price + 

($price*$qty)&#894; 

echo"<tr><td>$item_name</td><td>$qty 

</td><td>$price</td></tr>"&#894; 

} 

} 

echo"<tr><td><b> Total 

</b></td><td>&nbsp;</td><td><b>$total_price</b></td></tr>"&#894;

echo "</table>"&#894; 

echo"<p><b> <a href=view_cart.php>Remove 

Items from the Cart </a> </b></p>"&#894; 

echo"<p><b> <a href=products.php>Go back to 

products </a> </b></p>"&#894;

}

?>

Thread: Security in I.T

Thread Tools

Display

Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Re: Security in I.T

Posting Permissions