I would like to know some tips how to secure DLL (Win32, dynamic) file from injecting and how to increase security of compiled code.
- There’s a SQL password in DDL source code which is used to connect to MySQL. Is it secure enough to leave it?
- Is there any way how to prevent ‘users’ modifying HEX code? I mean to secure more from source code.
- Which options in project properties would be optimal for optimizing and maybe securing DLL?
Im using MVSC++ 2010 Express and source code to users won’t be available.
In order for the DLL to be usable it needs to be readable. That means that if you encrypt your file you also need do decrypt it before using it. Also, you can sign your DLL so that you know it has not been modified, but still that doesn’t hide the symbols in the file itself. Another approach would be to obfuscate the code so that it is harder for users to understand but the OS can still easily execute it – think of that as a weak form of encryption.
Specific answers:
If you have a password in any binary file then it is not secure. It is a simple matter of looking through the strings of the binary file to find it.
Users can always modify the file, but the file can be signed using some cryptographic scheme which ensures that you will know if it has been tampered with.
I don’t use that particular tool but I’m sure that it will not provide you with any real security.
Tip: Instead of having an SQL DB password in your source code you could instead make it send commands to a server which would authenticate and process them. That way you don’t need an explicit password in your file.