向您的 .Net Web 应用程序添加许可证
我目前正在考虑添加一些许可类型的软件来保护我的 .net Web 应用程序源代码。 想知道你们是否有这方面的经验并且知道是否有提供此类实用程序的公司或来源?
所以我的主要目标是保护实际文件
,即 Default.aspx 默认.aspx.cs .... 将来被复制而我无法阻止他们使用它。
谢谢
编辑:通过阅读回复,我似乎认为混淆器似乎是正确的选择。 混淆器程序仅适用于 exe 或 dll,还是也适用于单个页面?
I am currently looking at adding some licensy type software which will protect my .net web application source code. Was wondering if you guys had any experience with this and knew perhaps any companies or sources which provide such utilities ?
So my main aim is to protect the actual files
i.e Default.aspx
Default.aspx.cs
....
being copied in the future without me being able to stop them from using it.
Thanks
EDIT : From reading the replies i seem to think obfuscator seems to be the way to go.
Does a obfuscator program only work on exe or dll's or does it also work on individual pages ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
您可以做的一个步骤是将其作为 Web 应用程序而不是网站发布。
与 asp.net 的差异
就 Default.aspx 而言,我不知道如何加密通过标准 Web 服务器提供的 html 页面,或者这样,客户端仍然能够查看源代码,除非您用 JavaScript 编写整个页面(管理起来很糟糕)。
最好的选择是不要在 aspx 中包含任何应用程序逻辑代码,并使用混淆器编译二进制文件。
One step you can do is to release it as a Web Application rather than a Web Site.
Differences here from asp.net
As far as the Default.aspx, I don't know of a way to encrypt html pages that are served over standard web servers, and either way, the clients will all still be able to View Source, unless you write the entire page in JavaScript writes (horrible to manage).
Your best bet is to not include any application logic code what-so-ever in the aspx and compile your binaries using an obfusicator.
我想知道简单的预编译是否可以在您的 ASP.NET 应用程序中发挥作用,我们在公司就是这么做的。 我们提供预编译的 Web 模块,没有人会看到 aspx 代码中的内容,所有“代码隐藏”文件都被转换为 DLL。
在此处查看更多内容
I wondering if a simple pre-compile will do the trick in your ASP.NET application, we do that here in the company. We ship our Web modules pre-compiled and no one will see what's in the aspx code, all the "code-behind" files are translated into DLL's.
see more here
我不会为混淆而烦恼:.Net 3.5 中最新的语法糖、编译时技巧和优化已经使简单的逆向工程变得相当困难。
例如,每次使用
yield
关键字时,它都会生成一个具有复杂结构和不可读名称的枚举类。混淆会使逆向工程变得更加困难,但还不够。 要么会通过 reflector 的副本阻止基本的黑客攻击,但两者都不会阻止或阻止一位坚定而专业的破解者。
我会对你的所有程序集进行密钥签名 - 然后如果他们逆转其中一个,他们就必须逆转所有。
我会将尽可能多的实际应用程序逻辑从 Web 项目中取出并放入引用的 DLL 中 - 您的 Web 项目实际上应该全部与 UI 相关。 这使得对底层逻辑进行单元测试变得更容易,并且如果您认为值得的话,也更容易混淆。
I wouldn't bother with obfuscation: the latest syntax-sugar, compile-time tricks and optimisations in .Net 3.5 make simple reverse engineering pretty tough already.
For instance each time you use the
yield
keyword it generates an enumeration class with a complex structure and an unreadable name.Obfuscation will make it tougher to reverse engineer, but not by a enough. Either will deter the basic hack with a copy of reflector, neither will deter or stop a determined and expert cracker.
I would key-sign all your assemblies - then if they reverse one they have to reverse all.
I'd take as much of the actual application logic out of the web project and into referenced DLLs - your web project should really be all about the UI. This makes it easier to unit test the underlying logic, and easier to obfuscate if you decide that it's worth it.
您的网站可以向您发送每个用户登录时的一些服务器计算机信息。
如果机器信息错误,请取消登录。
your web site can send to you some of the server machine information on each user login.
If the mechine information is wrong, cancel the login.
我想知道除了混淆器或预编译之外,是否还有其他方法可以保护您的酸代码。
即你有一个页面列表
默认.aspx
默认.aspx.cs
web.config
您的主要目标是防止第三方在有权访问源代码的情况下获取您的代码?
I was wondering if there was any other way to protect your sour code other than obfuscator or precompiling.
I.e you have a list of pages
Default.aspx
Default.aspx.cs
web.config
Where your main aim is to prevent a 3rd party from taking your code if they have access to the source code ?
除非你以某种方式混淆它,所以它比它值得的更多的努力,或者你预编译我不明白你如何阻止他们只是隔离许可证检查代码 - 并删除它。
您可以对源代码运行混淆器并分发混淆版本,周围有很多这样的示例,特别是对于 javascript。
unless you obfuscate it in some way so it is more effort than it is worth, or you precompile I don't see how you could prevent them from just isolating the license checking code - and removing it.
You can run an obfuscator over the source code and distribute the obfuscated version, there are numerous examples of this around, particularly for javascript.
我认为你在这里混合了两种不同的东西。 一是法律保护(这就是许可证的用途),二是实物保护。 如果每个人都遵守法律,那么就不需要人身保护。
我建议您选择适合您的许可证(有很多),然后以任何方式进行物理保护。
I think you are mixing two different things here. One is law protection (that's what licences are for) and the other is physical protection. If everyone would obey law, then physical protection would not be needed.
I suggest you choose a licence that fits you (there are many of them), then take care of the physical protection in whatever way.