All geek questions in one place

Is access to private fields and properties a reflection of a security issue?

I recently learned here that it is possible (at least in C #) to look for private fields and properties due to reflection.

I was surprised, although I knew that in some way, constructs like the DataContractSerializer class needed to be able to access them.

The question is, can anyone access every field in my classes, this is kind of unsafe, right? I mean, if someone has a private bool _isLicensed . It can be easily changed!

I later learned here that field access tools are not designed to provide security.

So, how can I make my application safe, which means how I forbid anyone other than me from changing important status values ​​inside my classes?

+4
source share
4 answers

The question is, can anyone access every field in my classes, this is unsafe, right?

Not everyone can. Only code with sufficient permissions is trusted code. Insufficient code is limited. On the other hand, if a person who wants to use reflection has his own assembly, they can run trusted code on their own machine. This is not a new attack vector, although as if they have their own code, they can also modify it to make the field public in the first place.

Basically, if the code runs on their machine, you should expect them to be able to do something with it. Do not rely on access modifiers to keep something secret.

So, how can I make my application safe, which means how I forbid anyone other than me from changing important status values ​​inside my classes?

If a hostile user runs your code on their own, you pretty much can't. You can make it harder for them, but this is an arms race that is not fun.

Thus, one option in some cases is not to let anyone else run your code - post it on the Internet in an environment that you have blocked. Of course, this is not suitable in all cases.

If you must allow users to run the code itself, you need to weigh the disadvantages associated with their unauthorized costs, which make this intervention difficult to do. We cannot help you in this balancing action - we have no idea what your application is, or which of them are related (reputational, financial, etc.).

+11
source

private public, etc. are part of http://en.wikipedia.org/wiki/Encapsulation . use should make your API understandable and avoid errors.

There is no reliable way to avoid communicating with your program. You may have noticed that all programs crack for several days usually.

in.net is VERY easy because the IL code was very readable at http://ilspy.net/ , and so you can use any DLL and just read it like C # code.

you can make it more annoying to read your code using the obfuscator http://en.wikipedia.org/wiki/List_of_obfuscators_for_.NET

but apps like http://de4dot.com/ break it down VERY easily.

SecureString is a good trick: https://msdn.microsoft.com/en-us/library/system.security.securestring%28v=vs.110%29.aspx

writing your code in a low-level language, such as C ++, can make your code very annoying. but soon an experienced hacker will do whatever he wants with your program.

the only option that can be safe is to provide your application as a cloud service in which the user sees only the screen output and sends the input from the keyboard / mouse.

+6
source

This should have been a comment on John Skets’s answer, but he left the room.

An excellent answer, by the way, but I must also add that the code is not intended to be sure of its understanding.

Most developers know how to change classes and introduce them into classes. There are many utilities that not only decompile your code, but also allow you to embed it in it.

I would not spend much effort trying to make your code more secure, I would try to expect the code to be changed. Many programming languages ​​do not have such modifiers as private , public , internal , protected , etc. They rely on developers to understand the implications of using this code themselves. These programming languages ​​were very successful, because developers understand that changing, calling, or entering code that the API does not specify has results that the developing company does not and does not support.

Therefore, expect your code to be changed and make sure your applications respond to incorrect changes accordingly.

Sorry if this sounds like a comment ...

+1
source

To add to all the other answers, an easy way to look at this is: if the user really wants to break your code, let them. You do not need to support this use.

Just don't use access modifiers for security. Everything else is the user interface.

+1
source

Source: https://habr.com/ru/post/978048/

More articles:


All Articles