| Author |
Message |
clement_911
Joined: 22 Dec 2010
Posts: 7
Location: AU
|
 Posted: Wed Dec 22, 2010 10:01 am Post subject: Merging vs Embedding: which one is more secure ? |
 |
|
Hi.
I'm building a silverlight app and evaluating SmartAssembly.
I was wondering what is the recommended method to maximize security between Merging and Embedding ?
Also why is not possible to do both ?
Is there a way to obfuscate all non public members of dependency ? Therefore all assemblies would be obfuscated without the need to merge.
Thanks |
|
| Back to top |
|
 |
clement_911
Joined: 22 Dec 2010
Posts: 7
Location: AU
|
| Posted: Wed Dec 22, 2010 10:05 am Post subject: |
|
|
A couple of extra things.
I tried the Embedding functionality with encryption + compression and the resulting xap actually got bigger !?
Also, I'm assuming the decryption key is stored somewhere, so I'm wondering how secure the encryption is.
The product looks great so far though....
Cheers. |
|
| Back to top |
|
|
ShortAngry
Joined: 02 Dec 2010
Posts: 14
|
|
| Back to top |
|
|
clement_911
Joined: 22 Dec 2010
Posts: 7
Location: AU
|
| Posted: Thu Dec 23, 2010 11:52 am Post subject: |
|
|
| Yes I did check those but they do not answer my questions above. |
|
| Back to top |
|
|
Brian Donahue
Joined: 23 Aug 2004
Posts: 6369
Location: Red Gate Software
|
| Posted: Thu Dec 23, 2010 2:36 pm Post subject: |
|
|
Why is it not possible to do both merging and embedding? These are both two different approaches to do the same thing, which is to prevent you from having to ship the dependent DLLs. Doing both would not make sense.
The XAP could be bigger as a result because to workaround one of the strange issues in Silverlight, an additional manifest has to be added to the XAP. And if I'm not mistaken, the BAML resources are already compressed before SA gets hold of them?
I don't think the encryption key for strings and resources is stored in the assembly. Even it it was, I don't believe I would tell you where it is. 
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521 |
|
| Back to top |
|
|
clement_911
Joined: 22 Dec 2010
Posts: 7
Location: AU
|
| Posted: Thu Dec 23, 2010 9:16 pm Post subject: |
|
|
I'm thinking 2 protections would be stronger than 1.
I see, so compression does not make so much sense in the case of Silverlight where xap are already zip files. |
|
| Back to top |
|
|
Brian Donahue
Joined: 23 Aug 2004
Posts: 6369
Location: Red Gate Software
|
| Posted: Fri Dec 24, 2010 10:30 am Post subject: |
|
|
Merging and embedding aren't protecting features really, unless you count merging and obfuscating, or embedding and encryption, which protect code in combination.
I had a bit of a discussion round the office and have discovered there is one circumstance where you would want to merge and embed, and that has to do with assemblies that provide interfaces for remoting, because remoting will still try to bind the assembly even if it's been merged. Sorry, I find this difficult to explain. But there may be a genuine use case for it.
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521 |
|
| Back to top |
|
|
|
