1

I have a desktop application developed in C#.NET, with an encrypted database. The encryption password is hard coded in the application code.

How can I hide this password, since the code can be accessed through a .net disassembler?

Maybe obfuscate the code could be a solution, but how do I create a setup for the application with the obfuscated code, because every time I rebuild the setup, a brand new .exe is created and the code is never obfuscated.

I hope someone knows how to get around this.

Improve this question
3
  • 2
    possible duplicate of How to store passwords in Winforms application? Commented Aug 6, 2010 at 16:50
  • 1
    Obfuscation as a form of security is akin to shuffling a deck of cards in order to "hide" the ace of clubs. The card will ultimately be found by anyone who wants to look. Commented Aug 6, 2010 at 16:56
  • Even if the .net disassembler didn't exist, or if a perfect obfuscator existed, a debugger like WinDbg would be able to see it. There are a lot of solutions to this problem, but it would depend on who your customers are. E.g. an internal corporate application has more options than anyone who has a windows box. Also is this DB local to the machine or do all users use it? Commented Aug 6, 2010 at 18:26

2 Answers 2

Reset to default
1

My suggestion is to not do this and here's why: SCADA

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

-1

You definitely want to look into some for of encryption, some professional obfuscators will encrypt string information in an assembly as well.

Improve this answer

1 Comment

Is this the "turtles all the way down" school of cryptography? Sure, you can add another layer of encryption. But if the desktop application is to access the database, it must have all the required keys. And that means those keys will be accessible to disassemblers and/or debuggers.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.