CodingForums.com - View Single Post

AceInfinity · 02-06-2013, 04:22 AM

It would be a Form class, but first you need to understand why alykins posted something about an HTTP Request for this. I believe what he's trying to do there is to do the validation trhough some online place to decide whether to show a Form?

The benefit of this is because .NET is not very secure lol... It can be decompiled quite easily. You DO NOT want to have your password validation against a plaintext password hardcoded into the app itself. Regardless, I bet you I could still get around this HTTP Request validation if I really wanted to, because all of the instructions for when and if you are validated, still exist within the app itself. It would be a simple "jmp" instruction most likely to bypass the validation completely.

If you're just beginning in .NET though, you don't have a hope of making your app 100% secure, that's all I can say. Not because you're "terrible" by any means. Protection in .NET is actually pretty complex to achieve. Actually, this is true in most other languages too. With an advanced reverse engineer you'd almost have no chance.

Lots of people choose to have an online SQL database though for validation, and your app sends a request and receives a response as to whether you are validated or not...

The data is stored as a hash, and the input from the program is hashed to compare with the hashed value in the database to test for equality. If they match, then Show the new Form(), otherwise, show an error message?

Thus you can obviously see that we need an If statement here. Hope that helps...

02-06-2013, 04:22 AM	PM User \| #7
AceInfinity New Coder Join Date: Jan 2013 Location: Canada Posts: 15 Thanks: 0 Thanked 0 Times in 0 Posts	It would be a Form class, but first you need to understand why alykins posted something about an HTTP Request for this. I believe what he's trying to do there is to do the validation trhough some online place to decide whether to show a Form? The benefit of this is because .NET is not very secure lol... It can be decompiled quite easily. You DO NOT want to have your password validation against a plaintext password hardcoded into the app itself. Regardless, I bet you I could still get around this HTTP Request validation if I really wanted to, because all of the instructions for when and if you are validated, still exist within the app itself. It would be a simple "jmp" instruction most likely to bypass the validation completely. If you're just beginning in .NET though, you don't have a hope of making your app 100% secure, that's all I can say. Not because you're "terrible" by any means. Protection in .NET is actually pretty complex to achieve. Actually, this is true in most other languages too. With an advanced reverse engineer you'd almost have no chance. Lots of people choose to have an online SQL database though for validation, and your app sends a request and receives a response as to whether you are validated or not... The data is stored as a hash, and the input from the program is hashed to compare with the hashed value in the database to test for equality. If they match, then Show the new Form(), otherwise, show an error message? Thus you can obviously see that we need an If statement here. Hope that helps... __________________ Microsoft MVP .NET Programming - (2012 - Present) ®Crestron DMC-T Certified Automation Programmer & Software Developer