This is How They Will Discover Secrets You Hide

29 בדצמבר 2006

אין תגובות

If you publish your code on the internet then first They will use Google CodeSearch. For example, try looking for "initial catalog":

http://www.google.com/codesearch?q=%22initial+catalog%22&hl=en

If They are lucky and They have your binaries then Reflector might help looking for juicy hard coded strings but I believe They will chose to get all the strings using simple tool that ships with Windows, FindStr, in conjunction with ILDASM that ships with .Net SDK or Visual Studio

Like this:

Ildasm.exe secureapp.dll /text | findstr ldstr

IL_000c: ldstr "RegisterUser"

IL_0027: ldstr "@userName"

IL_0046: ldstr "@passwordHash"

IL_003e: ldstr "Logon successful: User is authenticated"

IL_0050: ldstr "Invalid username or password"

IL_0001: ldstr "Server=AppServer;database=users; username='sa'; password=password"

How to get protected?

  • Do not hard code sensitive information.
  • Use windows authentication whenever possible thus avoiding managing credentials.
  • Use platform features to protect sensitive information.

Full how-to index here: http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityHowTosIndex.asp?frame=true

Cheers

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. (*) שדות חובה מסומנים