如何保护用 .Net 编写的 API 的安全

发布于 2024-08-25 07:14:38 字数 259 浏览 11 评论 0原文

这是 SO 中有关保护/混淆 .Net 应用程序的现有问题的变体。

我正在用 C# 开发一个 API,其中包含一些我渴望保护的算法。 我知道没有任何方法是完美的,但是普遍接受的方法是什么?

我希望我的客户能够针对 API 进行编码,但我不希望他们对内部内容进行逆向工程(至少我不想让他们变得容易)。

如果我混淆了代码,那不是也会混淆 API 吗?

我们正在关注 smartAssembly,如有任何关于该产品的想法和评论,我们将不胜感激。

This is a variation on an existing question in SO about securing/obfuscating .Net applications in general.

I'm developing an API in C# that includes some algorithms I'm keen to protect.
I understand no method will be perfect, but what's the generally accepted method for doing this?

I'd like my clients to be able to code against the API but I don't want them to reverse engineer what's inside (at least I don't want to make it easy for them).

If I obfuscate the code, won't that also obfuscate the API?

We're looking at smartAssembly any thoughts comments on the product would be appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

说谎友 2024-09-01 07:14:38

这可能不适合您,但请考虑通过永远不分发算法来保护算法。您能否通过 Web 服务、.asmx 或 WCF 提供处理?

AFAIK,没有绝对完美的方法来保护您的代码,但混淆和加密可能会使逆向工程变得更加困难。

This may not be an option for you, but consider protecting the algorithms by never handing them out. Can you provide the processing through a webservice, .asmx or WCF?

AFAIK, there is no absolutely perfect way to protect your code but obfuscation and encryption can make it more difficult than it's worth to reverse-engineer.

倥絔 2024-09-01 07:14:38

混淆它。混淆工具不会混淆公共 API,因为这会破坏依赖于它的外部代码。

Obfuscate it. Obfuscation tools don't obfuscate the public API as that would break external code that depends on it.

岁月打碎记忆 2024-09-01 07:14:38

您提到了 smartAssembly。还有 DotnetreactorDotfuscator 和开源混淆器:sharpobfuscator

You mentioned smartAssembly. There is also Dotnetreactor, Dotfuscator and an open source obfuscator: sharpobfuscator.

寒冷纷飞旳雪 2024-09-01 07:14:38

一个好的代码混淆器会接受一系列异常而不进行混淆,并且一般情况下会切换到仅混淆实现细节而不触及公共 API(类、属性等)。因此,如果您编码正确(外观公开,所有实现细节非公开),它应该做得很好。

A good code obfuscator will take a lis tof exceptions to not obfuscate and IN GENERAL have a switch to ONLY obfuscate implementation details and not touch the public API (classes, properties etc.). So, if you coded right (facade public, all implementation details non-public) it should do a good job.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文