Reputation: 153

Protecting compiled source code

My program uses a webrequest to send information to my website.

Dim request As WebRequest = WebRequest.Create("http://www.mysite.com./record_use.php?w=" & strRecord)

The string (strRecord) is simply the name of the exe running, date etc. Someone has got into the code and sent their own version of strRecord to the website.

How is this possible?

Do I need to protect my compiled code and if so, how?

Graham

Upvotes: 0

Answers (3)

Christian Hayter

Reputation: 31071

The fundamental issue here is that your website is trusting incoming data from somewhere else on the internet. All an attacker needs to do is send you dodgy data; your exe has probably not been hacked at all, it's not worth the effort for them.

You could put in place some kind of HTTP POST system using SSL and client certificate authentication, but even then, attackers could compromise it by attacking your client app. It's not worth the effort for you.

The only safe solution is to make sure that your website cannot be compromised regardless of what data is sent to you or where it came from. You have to ask yourself questions like: What would be the consequence of an attacker sending me a false exe name and date? Would that corrupt my calculations, and if so, how?

Upvotes: 0

Joachim Isaksson

Reputation: 180877

No need to get into the code, anyone can just use a tool like Fiddler to watch any http communication originated on their client machine, both URLs and content, in real time.

Protecting the binary won't help you much in that case.

Upvotes: 2

yossico

Reputation: 3521

It can be done by sniffing the communication and resend the request with small modification. If you want to Encrypt your exe you can have a look here. Regards, Yossi

Upvotes: 0

Protecting compiled source code

Answers (3)

Related Questions