保护程序集免受黑客攻击

发布于 2024-09-09 03:40:17 字数 232 浏览 10 评论 0原文

我有一个控制台应用程序引用程序集 A。我想确保如果 A.dll 被篡改或替换,该应用程序将不会运行。

一种选择是使用强名称签名。但我需要担心强名称绕过?

还有其他好的选择吗?

I have a console application references assembly A. I want to ensure that the application will not run if A.dll is tampered or replaced.

One option is to use strong-name signing. But do I need to worry about strong name bypass?

Are there any other good options?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

我偏爱纯白色 2024-09-16 03:40:17

如果您可以建立保护,黑客就可以破坏它。不要太担心防止篡改,那些可以立即破解它的人可能不会在意,即使他们这样做了,你几乎也无法阻止他们。

最好的建议是许可由专门用于以这种方式保护您的应用程序的团队构建的产品。就像密码学一样,通常最好不要自己开发。

If you can build the protection, a hacker can break it. Don't worry too much about preventing tampering, the guys who can break it in a heartbeat probably won't care, and even if they did, almost nothing you could do would deter them.

The best advice would be to license a product that's built by a team specifically for the purpose of protecting your applications in this way. Just like with cryptography, it's usually best not to roll your own.

月亮坠入山谷 2024-09-16 03:40:17

您可以使用 dll 的 MD5 哈希值,但即使这样也不是非常万无一失,因为任何想要破坏您的应用程序的人都会使用反射器并找出您真正在做什么,并且可能只是直接修改您的程序。你可以获得代码混淆器来帮助解决这个问题,但没有什么是完全防黑客的。这确实是一个权衡——阻止别人更改你的 dll 有什么价值?有人这样做的可能性有多大?为了防止这种情况发生,您需要花费多少时间=金钱?

You can use an MD5 hash of your dll, but even that's not terribly foolproof because anyone who wants to break your app will just use a reflector and find out what you're really doing and probably just modify your program straight-up. You can get code obfuscators that will help with that, but nothing is perfectly hack-proof. It's really a trade off - what is your value of preventing someone from changing your dll? What is the likelihood that someone will? and how much will it cost you in terms of time = money to protect against that?

分分钟 2024-09-16 03:40:17

据该页面的作者称:

相反,为了进行完整性检查,您
确实需要使用 Authenticode
签名。

According to the author of that page:

Instead, for integrety checking, you
really need to use Authenticode
signatures.

醉梦枕江山 2024-09-16 03:40:17

您需要的是像 www.red-gate.com/products/smart assembly/ 这样的产品,而且这样的产品有很多。然而,它们只能在一定程度上保护您的组件,没有一个是 100% 安全的。

What you need is products like www.red-gate.com/products/smartassembly/ , and there're plenty of such products. However, they only protect your assembly to certain extent, none is 100% safe.

强者自强 2024-09-16 03:40:17

执行 Web 浏览器执行的操作并依赖来自受信任第三方的证书。

Do what web browsers do and rely on a certificate from a trusted third party.

初与友歌 2024-09-16 03:40:17

实际上,甚至不要尝试以任何方式保护您的代码/程序集或其他任何内容。
我的意思是,如果它有可能(并且它被设计为)在公共计算机上运行,​​那么就不可能保护它 - 你可以在自己的计算机上做任何你想做的事情,使用好的工具等你反汇编一秒钟之内。

所以,不要尝试,你只会浪费时间。

Actually, do not even try to anyhow defend your code / assembly, or whatever else.
I mean, if it is possible (and it is designed) to be run on a computer, for public and such, it is impossible to protect it - you can do WHATEVER you want on your own computer, with good tools and such you deassemble it in a second.

So, don't try, you will just waste your time.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文