Obfuscation

Hi

Can anyone point me to an example of how to encrypt the web.config connection string using Dotfuscator? I'm using Dotfuscator Professional Edition 3.0 Evaluation with Visual Studio Professional 2005, and have added a Dotfuscator project to my ASP.Net project, but can't work out how to add an input assembly.

Thanks
SteveC

 

Doesn't anybody have an answer to this? What about you DASPs? Why is it that whenever I raise the issue of obfuscation I get zero responses? Are people afraid of giving up "reverse-engineering" secrets? Send me a private message if you wish.

SteveC

 

obfuscation is for compiled binaries. if you want to protect the web.config, you'll have to research encrypting the web.config settings.



Joel Thoms
DiscountASP.NET
http://www.DiscountASP.NET

 

Thanks for your replies


I was under the impression that Dotfuscator from PreEmptive Solutions can be used to protect ASP.Net projects.


As far as encryption goes, I hit a wall in trying to make the .Net login control recognise an encrypted connection string; seems that it requires a valid, unencrypted string before you can change it.
Any ideas?

SteveC

 

I dont have any experience with encrypting the web.config. you might want to scour these forums and asp.net's to see if you can find anything useful.



Joel Thoms
DiscountASP.NET
http://www.DiscountASP.NET

 

Steve,</o>
As you have figured out dotfuscator is for mangling the IL code and not the web config. I think that you want to do something along the lines of encrypting using the Windows Data Protection API. I haven't done anything in ASP.NET 2.0 but I played around with the DPAPI in 1.1. </o>
Some hints on what you are trying to do can be found from the 4 guys from Rolla http://aspnet.4guysfromrolla.com/articles/021506-1.aspx. Which in turn will point you to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000005.asp.</o>
Hope this helps.</o>
Michael</o>
</o>