1

I've just bought a ServiceStack.Text license and I want to incorporate it into my code. On the server-side, I can do this securely. However I need this to also work on a mobile client device, as I need to serialize/deserialize things on the mobile device. I can't seem to find/figure out a secure way of handling this. As far as I can tell, it will always be readable in the mobile client's memory.

Am I mistaken in this? Is there some other way of handling this, perhaps somehow using the Service Clients mentioned in this post? (But I need to do the serializing/deserializing on the client itself, not just posting to a server.)

Community
  • 1
  • 1

1 Answers1

1

It's a good idea to use some Simple string obfuscation techniques so the license key is not visible in plain-text when analyzing your decompiled program and so will require some effort to decipher, but ultimately it's impossible to secure protected keys inside your deployed application given by design if your application needs and can read it, it will always be decryptable with enough effort.

Community
  • 1
  • 1
mythz
  • 141,670
  • 29
  • 246
  • 390
  • Thanks for the extremely quick reply! I just wanted to make sure I was doing due diligence for protection of the key, as I did not know if you had a mechanism in your library that I couldn't find that avoided resorting to obfuscation. I'm just glad your library doesn't have the PCL problems I've had with other Json serializers! –  Nov 21 '14 at 15:18