问题
This is a variation on an existing question in SO about securing/obfuscating .Net applications in general.
I'm developing an API in C# that includes some algorithms I'm keen to protect. I understand no method will be perfect, but what's the generally accepted method for doing this?
I'd like my clients to be able to code against the API but I don't want them to reverse engineer what's inside (at least I don't want to make it easy for them).
If I obfuscate the code, won't that also obfuscate the API?
We're looking at smartAssembly any thoughts comments on the product would be appreciated.
回答1:
This may not be an option for you, but consider protecting the algorithms by never handing them out. Can you provide the processing through a webservice, .asmx or WCF?
AFAIK, there is no absolutely perfect way to protect your code but obfuscation and encryption can make it more difficult than it's worth to reverse-engineer.
回答2:
Obfuscate it. Obfuscation tools don't obfuscate the public API as that would break external code that depends on it.
回答3:
You mentioned smartAssembly. There is also Dotnetreactor, Dotfuscator and an open source obfuscator: sharpobfuscator.
回答4:
A good code obfuscator will take a lis tof exceptions to not obfuscate and IN GENERAL have a switch to ONLY obfuscate implementation details and not touch the public API (classes, properties etc.). So, if you coded right (facade public, all implementation details non-public) it should do a good job.
来源:https://stackoverflow.com/questions/2463241/how-to-secure-an-api-written-in-net