In my application, I need to read an encrypted file that is distributed with the application. I also need to connect to the download service with a password. My puzzle is where to store passwords for these resources? In other languages, such as C ++, I would just save them in code. However, since there are tools that can disassemble C #, such as JetBrains DotPeek, this is not safe.
Below are the solutions that I have been thinking about so far, but I don’t think that any of them are safe:
- Keep passwords in code: nothing good, because C # can be parsed.
- Store passwords in an encrypted external resource: nothing good, because then you need to save a password for this!
- Ask the user to enter the password at first use (as other tools told them): I don’t think that I don’t think that you still need to store it for later use?
- Keeping them in a C ++ dll: not good, because you need to stop someone else calling the function in this DLL?
- Hide and encrypt passwords in the code: for example, do not call it a password and use several levels of encryption. This will make it difficult for someone who is just text searching for code, but will not stop someone ready to debug the program to find out how the resources were available. Not good.
- Obfuscating the code base to prevent disassembly: this might work. It is safe? Does anyone do this?
What is the normal solution to this rather typical problem?
source
share