Is there anyway to prevent people from using Reflector.net to decompile my .exe c# application? I know there is a tons of post about this but I don’t really care if people can see my code the only thing I want to “hide” is my database connection string.
I am currently using “Settings” in my c# to keep the database connection’s info.
I wanted to know if using those string in my project’s Settings would prevent people from seeing it ?
I am using DotFuscator in visual studio 2008 but I heard it wasn’t preventing people from decompiling my program.
I know I could use a Web Services but my server will be on linux so I guess I can’t store web services on Linux.
No. Even if you encrypt the connection string in the program code or in a settings file, you will need to decrypt it, and the program must necessarily contain the decryption key somewhere, which means that someone who is interested enough in finding it will find it, no matter how creative you are in hiding it. Why do you need to hide the connection string? If you are afraid that someone who has your program might call the web services directly and trigger unintended actions, you should look into how the web services are structured, what they allow clients to do, and how the authorization works, and make security improvements there instead.