0

My scenario is simple: My dotnet Windows forms application is install on client machine and i don't want some one to inject application process and see the queries, tables etc. I can't control the security at client. I need to prevent my application process from injecting. How would i achieve that? Help required.

Muhammad Saad Roshan
  • 17
  • 2
  • 9
  • 1
    _"I don't want some one to inject application process and see the queries, tables etc." - What? – SᴇM Sep 17 '18 at 06:15
  • 1
    To be able to see your queries along with all other source code, no one needs to `inject application process` (whatever that means). They just need a decompiler, which is available for free. So either don't use .net or consider obfuscation (like https://www.ssware.com/articles/protect-and-obfuscate-your-dotnet-code-against-reverse-engineering-using-crypto-obfuscator.htm). – Jürgen Röhr Sep 17 '18 at 06:23
  • 2
    Don't put code you want to protect on machines that you do not control. Introduce a *server* into your architecture that does the bits you need to protect and run that on machines you *do* own/control. Then have the client applications talk to it instead. – Damien_The_Unbeliever Sep 17 '18 at 06:32
  • 2
    Consider also the shear amount of work that has been put into anti-piracy measures for games/movies and the fact that piracy does still happen. What makes you think you'll be able to solve a problem that thousands of others before you haven't? – Damien_The_Unbeliever Sep 17 '18 at 06:33
  • @Jurgen Rohr: i considered encryption but that's not possibly solve my problem. Please see my previous question: https://stackoverflow.com/questions/52269454/encrypt-data-traffic-between-c-sharp-and-mysql/52280154?noredirect=1#comment91576462_52280154 – Muhammad Saad Roshan Sep 18 '18 at 06:36

1 Answers1

1

If I understand your question correctly, you want to avoid that someone can inject code into your application that's running on a client computer.

Simple answer: You cannot. If it's the users computer, he's usually even allowed to debug, which allows any changes to your application while it runs.

There are (more or less effective) ways of preventing that the user tampers with the application files, but that's not really safe either.

When you want to prevent that your application can do harm to other systems when it's tampered with, you need to secure the server side.

PMF
  • 14,535
  • 3
  • 23
  • 49
  • I have seen this post but i dont have any idea how to achieve this https://stackoverflow.com/questions/869320/how-do-i-prevent-dll-injection – Muhammad Saad Roshan Sep 18 '18 at 06:33
  • @MuhammadSaadRoshan: These are very advanced technolgies and concepts. Thousands of highly-paid programmers are working on preventing applications from being tampered with, but the hackers are always picking up the pace. You can invest time to make hacking attempts more difficult, which will eventually get any newbies out of the challenge, but it's not possible to eliminate that risk completely. Usually, it's enough to make your application so safe that hacking it is more expensive than buying a legitimate copy. – PMF Sep 18 '18 at 08:38