Secure .net Application RRS feed

  • Question

  • I have an erp application use sql azure as the database solution or Sql Server 2008 R2 for onprimise installation.The application in Azure use schema feature with user seperation.Its Login have one or more users with rights only to the schema the application use to store the data.

    This work and work correctly.

    The application is Win 32 application.

    Recently with Sync Framework I create a .net application who Sync the schema with on premise database.

    Work ok but the problem is the in order to provision sql azure i need to use the admin server user (user with rights to control all schema in the database).

    My question is how can be sure, if i provide an array of the admin users available for my sql azure servers in a const value in the .net application that this information will be secure.In 2003 when faramework 1.1 lanched i show how easilly you can get any info from a .net assemply and that was the main issue i do not use it that time.

    I know about few utillities that secure .net code with encrypted ,but i need your opinion and sugestions about that issue in order to lanch my sync application to my customers.

    The .net Sync Application is a Windows Form VB.net application with Visual Studio 2010.


    P Velachoutakos
    • Moved by Jesse Jiang Monday, August 29, 2011 10:42 AM (From:.NET Compact Framework)
    Friday, August 26, 2011 8:22 AM

All replies

  • Hello,


    I think your issue should be raised in the SyncFx - Microsoft Sync Framework Developer Discussions. I believe they will know more information of this issue than us, and I will move this one to that forum.


    Thanks for your understanding,


    Best regards,


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, August 29, 2011 10:42 AM
  • your question is not exactly specific to Sync Framework. whether you use sync framework or not, you need to secure the Azure credentials in your app regardless of  whether its a low priviledged user or an admin user. I suggest you have a look at this: http://social.technet.microsoft.com/wiki/contents/articles/sql-azure-connection-security.aspx



    Tuesday, August 30, 2011 2:44 AM
  • Just an update , I was refering to secure .net assemply for reflection, protect not only the credentials , but the code.

    In Win32 app , a Delphi exe ,you cannot reverse it (easilly, with just 3 clicks).

    a link to that topic would be great.

    P Velachoutakos

    Saturday, March 24, 2012 9:18 PM
  • you might want to post your  question in the general .net forums. or search for code obfuscation. if am not mistaken, VS comes with Dotfuscator, you might want to do a search on that.
    Sunday, March 25, 2012 11:02 AM
  • The Dotfuscator ships with VS has very limited protection.

    I am referring to a 7 ways protection solution with a logical cost. The commercial edition of  Dotfuscator is the best solution , but very expensive for my budjet.

    P. Velachoutakos

    Saturday, May 12, 2012 12:06 PM
  • I do not know how to move this thread to .net forum, if anyone can do it , please ...

    P. Velachoutakos

    Saturday, May 12, 2012 12:08 PM