Considering a library that provides a function that accepts a password or a license key or sensitive data, is there any difference in terms of security between a shared and a static library?
Is it possible to “sniff” the calls performed on a shared library? Or to replace the original shared library with a fake shared library and “print” all the arguments passed to a function call to that library?
Indeed, replacing the shared library is an easy way to capture the key. However, putting a breakpoint and capturing the key in the running application when you link the library statically isn’t hard either. So as a library developer you need to live with it – there’s no good solution for this problem. Methods to counteract stealing keys and using the “pirated” versions of your library are mainly non-technical – track users and deny support to those who are not registered, provide updates via a restricted area on your web site, etc.
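A defender-side check for the library replacement discussed above, as an added example that is not part of the original question or answer: it parses a Linux `/proc/<pid>/maps` dump and flags shared objects mapped from outside trusted directories. The library name `liblicense`, the trusted directory list and the sample dump are constructed assumptions.

```python
import posixpath

# Assumption: directories this deployment treats as trusted library locations.
TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/opt/vendor/lib")

# Constructed sample of /proc/<pid>/maps (address perms offset dev inode path).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /opt/vendor/bin/app
7f1a10000000-7f1a10020000 r-xp 00000000 08:01 412 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a10400000-7f1a10410000 r-xp 00000000 08:01 977 /tmp/.cache/liblicense.so.1
7f1a10800000-7f1a10808000 r-xp 00000000 08:01 978 /home/build/libhook.so
7f1a10c00000-7f1a10c21000 rw-p 00000000 00:00 0 [heap]
"""

def mapped_executable_files(maps_text):
    """Return file paths that are mapped executable in a maps dump."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no path column
        perms, path = fields[1], fields[5].strip()
        if "x" in perms and path.startswith("/"):
            paths.add(path)
    return paths

def is_trusted(path):
    # Normalise first so "/usr/lib/../../tmp/x.so" is not accepted.
    norm = posixpath.normpath(path)
    return any(norm.startswith(d + "/") for d in TRUSTED_DIRS)

def audit(maps_text, protected_lib):
    """Flag shared objects loaded from outside TRUSTED_DIRS.

    A copy of protected_lib from an untrusted path is reported as
    'shadow-copy'; any other untrusted .so as 'untrusted-path'.
    """
    findings = []
    for path in sorted(mapped_executable_files(maps_text)):
        name = posixpath.basename(path)
        if ".so" not in name or is_trusted(path):
            continue  # main executable, or library from a trusted location
        kind = "shadow-copy" if name.startswith(protected_lib) else "untrusted-path"
        findings.append((kind, path))
    return findings

if __name__ == "__main__":
    for kind, path in audit(SAMPLE_MAPS, "liblicense"):
        print(kind, path)
```

This only reports a swapped or injected library after it has been loaded; it does nothing about a debugger breakpoint in a statically linked binary.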