silverlight代码需要保护吗?
我不太明白 Silverlight 代码如何在浏览器中工作。 程序集是否下载到客户端计算机? 是否有可能使用 Reflector 或类似工具对代码进行反编译? 如果是这样,有哪些选择可以保护代码? .net 混淆器可以与 Silverlight 一起使用吗?
I don't quite understand how Silverlight code works within the browser. Are the assemblies downloaded to the client machine? Is there any chance of the code getting decompiled using Reflector or some similar tool? If so, what options does one have to protect the code? Do .net obfuscators work with Silverlight?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
添加 pragma -No Cache- 将阻止 .xap 存储在计算机上,而是由 Silverlight 插件进行流式传输。 如果没有编译指示,.xap 文件将存储在临时 Internet 文件中。
将应用程序放在 https 上的页面上将进一步保护 .xap 的传输
如果可能的话需要身份验证才能查看网页/.xap 文件(感谢 Joel)
Putting a pragma -No Cache- will prevent the .xap from being stored on the machine, instead it will be streamed by the Silverlight plugin. Without the pragma the .xap file is stored in the temp internet files.
Putting the application on a page on https will further protect the transmition of the .xap
If possible require authentication to view the web page / .xap file (thanks Joel)
Emrah,
是的,SL 应用程序可以进行混淆。
Emrah,
Yes obfuscation is possible for SL application.
是的,Silverlight xap 文件只不过是包含程序集的 zip 文件,因此它们确实需要通过混淆进行保护。 尝试 Crypto Obfuscator - 它直接混淆 xap 文件,也可以混淆 XAML通过重命名类引用、删除注释、空格、换行符等来更改程序集中的文件
Yes, Silverlight xap files are nothing but zip files with your assemblies in them, so they do need protection via obfuscation. Give Crypto Obfuscator a try - it directly obfuscates xap files, it can also obfuscate XAML files in your assemblies by renaming class references, stripping comments, whitespace, newlines, etc
每当您使用网络浏览器时,所有客户端代码都会下载到计算机上并可供用户检查。 这适用于 Javascript、Flash 和 Silverlight。
如果您有绝对必须隐藏的专有代码,那么您需要将其放在服务器上并公开一个 API,客户端可以调用该 API 来向用户显示信息。
Whenever you are in a web browser, all client side code is downloaded to the machine and can be examined by the user. This goes for Javascript, Flash, and Silverlight.
If you have proprietary code that absolutely must be hidden then you need to put it on the server and expose an API that the clients can call to show information to the user.
要查看 Silverlight 应用程序,客户端需要下载一个 .xap 文件,其中包含 dll 和一个配置 xml 以及可选资源。 该 dll 包含已编译的 C# 代码,该代码在客户端计算机的 Silverlight 运行时中运行。 Silverlight 运行时基本上是完整.net 运行时的子集。 所以重点是用户获取dll中的代码,然后可以使用工具获取原始源代码。 所以你最多能做的就是混淆视听。 对于非常关键的代码来说,这仍然不应该是一个选择。 如果您需要的话,您可以使用其他方式(WCF 或其他网络服务来隐藏代码的某些部分)。
To view a Silverlight application the client download a .xap file that contains the dll and one configuration xml and optional resources. The dll contains compiled c# code that runs in a Silverlight runtime in client machine. Silverlight runtime is basically a subset of complete .net runtime. So the point is user gets the code in dll and then can use tools to get original source code. So at most you can do is obfuscation. Still for very critical code that should not be the option. You can use some other way (WCF or other webservices to hide some part of your code may be) if it shouts your need.
如果您想了解查看 silverlight 应用程序中的代码有多么容易,只需运行 SilverlightSpy链接文本,作者:FirstFloor。 只要您安装了.NET Reflector,您就可以看到(如您与应用程序交互)所有源代码,包括 xaml 文件。
由于代码确实被下载到客户端(甚至尝试使用 pragma no- 来阻止它)缓存将不起作用,因为它们可以命中 URL)您需要通过在服务器上保留重要逻辑来保护您的代码。
If you want to see just how easy it is to look at the code in a silverlight app just run SilverlightSpylink text by FirstFloor. As long as your have .NET Reflector installed you will be able to see (as you interact with the app) all the source code including the xaml files.
Since the code does get downloaded to the client (and even trying to prevent it with pragma no-cache won't work since they can hit the URL) you will need to protect your code by keeping important logic on the server.
如果您担心有人会窃取您的知识产权,而法律还不够,那么您将需要混淆您的代码。 但我不会称之为保护,而是对休闲逆向工程师的一种威慑。
If your afraid some one will steal your intellectual property and that law is not enough, Then you will need to obfuscate your code. But I would not call that protection per say but a deterrent to the casual reverse engineer.