Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Prevent others from using my dlls

Tags:

c#

.net

I'm new to .net and would like to know how I can prevent others from using/referencing my compiled libraries. I did some research but didn't find a clear answer. Is it authenticode or strong names or something else? and how reliable is it?

the libraries are part of a commercial desktop software

like image 520
Tim Avatar asked Feb 15 '15 01:02

Tim


2 Answers

How I can prevent others from using my compiled libraries?

I would like to know how I can prevent someone from using my toothbrush. I have found a solution. I don't give them access to my toothbrush.

If you don't want people to use your software then do not give them your software.

If you want someone to be able to use the functionality of your code without knowing the implementation details then write a web service, put the software behind a web server, and people can use your software via the service you've provided. They only see the web server, not your implementation details.

Is it authenticode or strong names or something else?

No. Your scenario is that you wish to protect yourself, a software provider, from your users. That is exactly backwards. The .NET security system was designed to protect your users from bad software providers.

Both authenticode and strong names are systems whereby a user of software can obtain evidence that the software really was provided by the person they believe it to be provided by, rather than by evil hackers pretending to be you.

For example, suppose I become evil and send you a new version of System.DLL that I say is a software upgrade from Microsoft, but actually watches you type in passwords and emails them to me. I can send you a DLL called "System.DLL", but I can't send you one that has the Microsoft strong name because I can't make a Microsoft strong name. Only Microsoft can do that, because the Microsoft signing key is buried deep within Building 11 and guarded by sharks with laser beams or something. Strong names protect you from me; they don't protect Microsoft.

Similarly, strong names protect your customers from attackers pretending to be you. They don't protect you from your customers. You are not the one who is under attack; they are!

the libraries are part of a commercial desktop software

The commercial desktop software model presupposes that customers are trusted by software providers to use the software in accordance with their license. If you don't trust your customers then you need an entirely different model, like keeping the software on your web server and only allowing access via a web interface.

like image 59
Eric Lippert Avatar answered Oct 04 '22 22:10

Eric Lippert


I think I get what you're saying: you've put a lot of effort into a library that is essential to your application, and you don't want someone else to use a copy of that dll in their own application basically stealing your code, even if they can't see it. The framework is not built for this. You can hide certain code using access modifiers, but public is still public. However...

What I used to do when putting a component in a library that I know could be copied and used by someone else is to give specific classes a property that must be set to my name © and year. Without that exact text, the class won't work (or will work, but poorly). Since they can't change the code, they'll be forced to admit they stole it. You could even go as far as to put a password in there. This solution isn't perfect, of course, but it's the simplest. I don't do it any more though, because I just don't care.

EDIT: come to think of it, there are some commercial components that require a login before they can be used. Usually in the form of a username and a byte array that you buy from the author.

like image 41
Patrick Avatar answered Oct 04 '22 22:10

Patrick