obfuscation question

[vadim]

Hi,

Will obfuscation help in securing hard coded key in asp.net application?

Thank you

Vadim

[WJ]

No. Obfuscation tool only understands compiler syntax and symbols, not the
data. Example: If you name a variable as string
ComputerIpAddress="127.0.0.1", obfuscator only renames or scrambles the
variable name "ComputerIpAddress", not its value.

As for your concern about hardcoding your secret key inside your program can
be done in a number of ways. For example: if your secret key is something
like "123#AbcXzqOK*&76", then do not code as string sKey="the value", store
the data in array of bits, this make it harder for any tool to disassemble
the code. This is just a thought.

John

"vadim" <vadim@dontsend> wrote in message
news:Oyi5cogOEHA.3624@TK2MSFTNGP10.phx.gbl...

> Hi,
>
> Will obfuscation help in securing hard coded key in asp.net application?
>
> Thank you
>
> Vadim
>
>

[Alek Davis]

Vadim,

Some obfuscators provide a "string encryption" feature, which uses an
embedded "encryption" algorithm to change application string values. This is
not a bullet-proof option though. And in general, storing secrets in the
application source code (of .NET/Java applications) is not a good idea.
Check this article, it can give you some ideas (it also contains references
to other resources, such as articles about obfuscation, which you may find
helpful): "Safeguard Database Connection Strings and Other Sensitive
Settings in Your Code" at
[url]http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/[/url].

Alek

"vadim" <vadim@dontsend> wrote in message
news:Oyi5cogOEHA.3624@TK2MSFTNGP10.phx.gbl...

> Hi,
>
> Will obfuscation help in securing hard coded key in asp.net application?
>
> Thank you
>
> Vadim
>
>