如何限制某些程序集的反射?
在我的 .net 应用程序中,我想限制对某些程序集的反射。我的意思是我希望我的特定程序集只能由某些预定义的程序集反映,而不是由其他任何程序集反映。我怎样才能做到这一点?
编辑:
此工具完全关闭程序集的.NET反汇编和反编译。我想允许一些预定义的程序集反映此程序集,但限制其他程序集这样做。我想要一些应该以汇编方式声明的东西,例如 AssemblyOne 已向 AssemblyTwo 授予您可以反映我的权限,因此只有 AssemblyTwo 应该能够完全信任地反映它,其他人都不能。
In my .net application I want to restrict reflection to certain assemblies. I mean I want that my a particular assembly can be reflected by only some predefined assemblies not by any other than that. How can i do that?
Edit:
This tool completely shuts down .NET disassembly and decompilation of an assembly. I want to allow some predefined assemblies to reflect this assembly but restrict others doing this. I want something that should be declared assembly wise e.g. AssemblyOne has gives permission to AssemblyTwo that you can reflect me, so only AssemblyTwo should be able to reflect it with full trust, no one else.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您链接到的工具基本上将整个应用程序编译为本机代码。这并没有真正“关闭”反射或其他任何东西,它只是将应用程序变成完全不同的东西,它不再是字节码,从技术上讲也不再是 .NET 程序集。
完全信任的调用者可以始终在 .NET 程序集及其内部的所有内容上使用反射。除了(a)混淆,任何有足够耐心和决心的人都可以反混淆,或(b)编译为本机代码,这将阻止任何类型的反射(以及许多其他有用的功能),您无法阻止这种情况的发生,并且您当然也无法将其限制为特定的程序集。
与其他答案所说的相反,
ReflectionPermissionAttribute
并不会阻止调用者反映您的代码;相反,它控制从代码到反射 API 的访问。这里不会有任何帮助。为什么隐藏代码或类结构如此重要?除非您为国家安全局工作,否则大多数代码都没有那么有价值/秘密,并且只要有足够的时间和资源,大多数应用程序都很容易进行逆向工程。实际上,攻击者或抄袭者从 Reflector 中复制代码和/或使用 Reflection 来发现您的 API 几乎得不到什么好处。
我想我只能代表自己说话,但如果有 1 天的空闲时间来实现一项很酷的功能或投资于保护内部代码,我将始终致力于开发真正增加价值的新功能。
The tool you linked to basically compiles the entire application into native code. That doesn't really "shut down" Reflection or anything else, it just turns the application into something entirely different, it's no longer bytecode and not technically a .NET assembly anymore.
Callers with full trust can always use reflection on a .NET assembly and everything inside it. Aside from (a) obfuscation, which anybody with enough patience and determination could de-obfuscate, or (b) compiling into native code, which would prevent any kind of reflection (and many other useful features), you can't prevent this from happening, and you certainly can't restrict it to specific assemblies.
The
ReflectionPermissionAttribute
, contrary to what one of the other answers says, does not prevent callers from reflecting on your code; rather, it controls access from that code to the Reflection APIs. It's not going to be of any help here.Why is it so important to hide your code or class structure anyway? Unless you're working for the NSA, most code just isn't that valuable/secret, and most applications are trivially easy to reverse-engineer given sufficient time and resources. Realistically, an attacker or plagiarist stands to gain very little from copying code out of Reflector and/or using Reflection to discover your API.
I suppose I can only speak for myself, but given 1 free day to either implement a cool feature or invest in trying to protect the internal code, I would always work on new features that actually add value.
如果此人完全信任程序集,则您无法阻止他们访问程序集的任何部分。
http://www.pcreview.co.uk/forums/thread-2196297.php
If the person has full trust of the assembly, you can't prevent them from accessing any part of it.
http://www.pcreview.co.uk/forums/thread-2196297.php
反思是不可抗拒的! :-)
我认为除了编写本机代码之外,您无法阻止反射。而且,它仍然可以被拆卸。如果您需要防止某些代码落入未经授权的手中,请将其保存在您控制并允许远程访问的服务器上。
Reflection is irresistible! :-)
I don't think you can prevent reflection other than writing native code. And still, that can be disassembled. If you need to keep some code off unauthorized hands, keep it on a server that you control and allow remote access to it.
我想知道你想要限制反射的场景是什么。您是否担心暴露代码库中的一些超级机密数据?某段代码非常智能,以至于您对它有一些优势?
我问的原因是我只是不相信我们在软件开发中所做的任何事情在代码库级别本身都是如此独特以至于它需要人们不看它 - 所以我想知道是否可能你走错了路。由于您没有提到为什么要阻止反射,我不知道您的场景是否有意义(至少从我的观点来看)来限制访问。
我无法想象一个现实世界的场景,限制访问真的能让你到达任何地方——现在的系统并不是任何特定代码块的辉煌,而是完整的包(用户体验、客户服务、快速发展保持)与使用速度等)。如果你的代码很好,它会随着时间的推移而改变,这样任何人“破解”它都会比你当前的迭代落后两步(至少)。 你的价值是你的大脑,而不是程序集。
如果你这样做是出于安全原因,那么你真的不应该试图通过阻止反射来“保护”它。
再说一次,你可能有一个我没有想到的阻止反射的正当理由,但我相当怀疑它是否值得付出努力,并且我倾向于相信你的精力最好花在其他地方......比如让你的代码想要阻止得更好。
I'm wondering what your scenario is for wanting to restrict reflection. Are you concerned about exposing some super-secret data baked into your codebase? some chunk of code that is so incredibly smart that you have some advantage with it?
The reason I ask is I just don't believe that anything that we do in software dev is so unique in itself at code library level that it requires people not looking at it--so I wonder if maybe you are going down the wrong path. Since you don't mention why you want to block reflection I don't know if maybe your scenario makes sense (at least from my POV) to restrict access.
I can't think of a real-world scenario where restricting access would really get ya anywhere--it's not the brilliance of any particular chunk of code that makes a system nowadays, it's the full package (UX, customer service, rapid evolution keeping pace with usage, etc). If your code is any good, it will change over time so that anyone 'cracking' it will be two steps behind your current iteration (at least). Your value is your brain, not the assembly.
And if you are doing it for security reasons, then you really shouldn't be attempting to 'secure' it by blocking reflection.
Again, you might have a valid reason to block reflection that I haven't thought of, but I rather doubt it's worth the effort and I would tend to believe that your energy would be better spent elsewhere... as in making that code you want to block even better.