Options

Merging vs Embedding: which one is more secure ?

clement_911clement_911 Posts: 9
edited December 24, 2010 4:30AM in SmartAssembly 5
Hi.

I'm building a silverlight app and evaluating SmartAssembly.

I was wondering what is the recommended method to maximize security between Merging and Embedding ?

Also why is not possible to do both ?

Is there a way to obfuscate all non public members of dependency ? Therefore all assemblies would be obfuscated without the need to merge.

Thanks
· Share on Twitter

Comments

  • Options
    clement_911clement_911 Posts: 9
    A couple of extra things.

    I tried the Embedding functionality with encryption + compression and the resulting xap actually got bigger !?

    Also, I'm assuming the decryption key is stored somewhere, so I'm wondering how secure the encryption is.

    The product looks great so far though....

    Cheers.
    · Share on Twitter
  • Options
    ShortAngryShortAngry Posts: 13
    Did you check out the following couple of links?

    http://www.red-gate.com/supportcenter/C ... 121047.htm

    http://www.red-gate.com/supportcenter/C ... 121047.htm

    They give a bit more information about these functions. As for using it with Silverlight it can be a bit of a pain. If in doubt you should get in touch with support@red-gate directly.
    · Share on Twitter
  • Options
    clement_911clement_911 Posts: 9
    Yes I did check those but they do not answer my questions above.
    · Share on Twitter
  • Options
    Brian DonahueBrian Donahue Posts: 6,590 Bronze 1
    Why is it not possible to do both merging and embedding? These are both two different approaches to do the same thing, which is to prevent you from having to ship the dependent DLLs. Doing both would not make sense.

    The XAP could be bigger as a result because to workaround one of the strange issues in Silverlight, an additional manifest has to be added to the XAP. And if I'm not mistaken, the BAML resources are already compressed before SA gets hold of them?

    I don't think the encryption key for strings and resources is stored in the assembly. Even it it was, I don't believe I would tell you where it is. :-)
    · Share on Twitter
  • Options
    clement_911clement_911 Posts: 9
    I'm thinking 2 protections would be stronger than 1.
    I see, so compression does not make so much sense in the case of Silverlight where xap are already zip files.
    · Share on Twitter
  • Options
    Brian DonahueBrian Donahue Posts: 6,590 Bronze 1
    Merging and embedding aren't protecting features really, unless you count merging and obfuscating, or embedding and encryption, which protect code in combination.

    I had a bit of a discussion round the office and have discovered there is one circumstance where you would want to merge and embed, and that has to do with assemblies that provide interfaces for remoting, because remoting will still try to bind the assembly even if it's been merged. Sorry, I find this difficult to explain. But there may be a genuine use case for it.
    · Share on Twitter
Sign In or Register to comment.