Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
My Windows 8 (Metro) application uses different web services to access and mash up data. Each of those services requires a key (some multiple keys) to access them. As a result, these keys are valuable, and cost me money (or can, based on usage). I can easily include those keys in my application. But how can I secure my keys from prying eyes and abuse?
You can’t secure it completely. You need to treat it as completely and totally compromised, because there is a workaround to everything you can put in place.
It’s the same with WinForms apps.
Related from when I was asking for something similar: Common vulnerabilities for WinForms applications
Short version – Even if you store these keys elsewhere, if the end user can decompile your code and see how your code is accessing those keys, they can get at them.
The BEST you can do is add as many layers as possible (and reasonable) your defenses to make it as difficult as possible. Our approach is listed in this answer. You may be able to improve upon it. If so, please share, because we’d like to improve upon ours.