Emrah Diril
Emrah Diril

Reputation: 1755

Does silverlight code need protection?

I don't quite understand how Silverlight code works within the browser. Are the assemblies downloaded to the client machine? Is there any chance of the code getting decompiled using Reflector or some similar tool? If so, what options does one have to protect the code? Do .net obfuscators work with Silverlight?

Upvotes: 5

Views: 3130

Answers (7)

logicnp
logicnp

Reputation: 5836

Yes, Silverlight xap files are nothing but zip files with your assemblies in them, so they do need protection via obfuscation. Give Crypto Obfuscator a try - it directly obfuscates xap files, it can also obfuscate XAML files in your assemblies by renaming class references, stripping comments, whitespace, newlines, etc

Upvotes: 0

shahaji
shahaji

Reputation: 11

Emrah,

Yes obfuscation is possible for SL application.

Upvotes: 1

Tanmoy
Tanmoy

Reputation: 45652

To view a Silverlight application the client download a .xap file that contains the dll and one configuration xml and optional resources. The dll contains compiled c# code that runs in a Silverlight runtime in client machine. Silverlight runtime is basically a subset of complete .net runtime. So the point is user gets the code in dll and then can use tools to get original source code. So at most you can do is obfuscation. Still for very critical code that should not be the option. You can use some other way (WCF or other webservices to hide some part of your code may be) if it shouts your need.

Upvotes: 5

Aaron Fischer
Aaron Fischer

Reputation: 21211

If your afraid some one will steal your intellectual property and that law is not enough, Then you will need to obfuscate your code. But I would not call that protection per say but a deterrent to the casual reverse engineer.

Upvotes: 2

Bryant
Bryant

Reputation: 8670

If you want to see just how easy it is to look at the code in a silverlight app just run SilverlightSpylink text by FirstFloor. As long as your have .NET Reflector installed you will be able to see (as you interact with the app) all the source code including the xaml files.

Since the code does get downloaded to the client (and even trying to prevent it with pragma no-cache won't work since they can hit the URL) you will need to protect your code by keeping important logic on the server.

Upvotes: 2

Brian Leahy
Brian Leahy

Reputation: 35527

Putting a pragma -No Cache- will prevent the .xap from being stored on the machine, instead it will be streamed by the Silverlight plugin. Without the pragma the .xap file is stored in the temp internet files.

Putting the application on a page on https will further protect the transmition of the .xap

If possible require authentication to view the web page / .xap file (thanks Joel)

Upvotes: 1

17 of 26
17 of 26

Reputation: 27382

Whenever you are in a web browser, all client side code is downloaded to the machine and can be examined by the user. This goes for Javascript, Flash, and Silverlight.

If you have proprietary code that absolutely must be hidden then you need to put it on the server and expose an API that the clients can call to show information to the user.

Upvotes: 6

Related Questions