Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am about to start development of application in C# and .NET. The application is going to be big in terms of how user will configure it to display on the screen.
I need some way to store configuration data and I have only explored 2 options yet and it is XML files and INI files , which one of these is better? Is there any other new way to store data that works great with .NET Framework?
This is a really broad question, but basically the way I see it there are a few prime places to store application data. Exactly what and how you store is going to depend on the type of data. The following is my personal short list:
Registry - The windows registry can be used to store single key/value pairs or small amounts of read only data. You really can only write these settings when your application is installed unless you are running in administrator mode (which isn't a good idea).
App Config - Similar to the registry this allows storage of application data that is generally best written during installation or during configuration but not much after that. The nice thing about this is the system administrator can often find these files and they are xml which means they are easier to edit (and read) than other files.
Isolated Storage - If you are storing application, user or machine specific information and you don't mind writing your own file readers and writers (or you are interested in delving into xml storage) this is an excellent option for you. It allows user specific settings and it doesn't require the user to have special privileges on the computer.
Local Database - If you want values that you can look up easily, read and write often and are stored simply a local database can be excellent. You might consider looking into SQLLite or a similar tool for this.
Network Database - This is pretty much as advanced as it gets. If you want user information to be automatically processed regardless of where the user opens your application and you want to be able to share settings between computers this is probably your best option. You can use MySQL for free or SQLExpress if you aren't storing GB of settings. It does require a significant amount of setup but it might be the best option anyways if you require this level of capabilities.
Hopefully this gets you started. Best of luck!
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I am developing an application which will require an entry for a functional "service account" from active directory to be used via impersonation to perform certain functions of the application that require elevation. It would basically give users of the application abilities restricted by app functionality without having to give their account rights. In the past I've used an SHA1 encrypted hash and stored the encrypted password in the web.config. This is probably no where near as secure as other methods out there. The primary goal here is to be able to store the user id and password for the service account in the app without storing it in clear text anywhere. Any recommendations on this?
ASP.NET Core's configuration setup allows multiple different sources for config: JSON, environment variables, etc. For storing secret information, some are better suited than others, so here's your main options:
User Secrets: this is a no-brainer for development. Any type of account information, API keys, etc. should be stored in user secrets in development. The chief problem is that this is only for development. As a result, you still need to find a solution for production.
Environment variables: While not encrypted, environment variables at least keep these settings confined to a particular server (where you might already be storing credentials for a service account like this anyways) and out of your source control. Still, some users may prefer a bit more security.
Azure Key Vault: Currently, this is the only distributed configuration option provided by ASP.NET Core that supports encryption. It's of course not free, but it's not that expensive, either. If you are already running in Azure, this is a no-brainer, but it's still a good option even if you're not.
Anything else you want to use: One of the nice things about ASP.NET Core is that everything is modular and swappable. You can use built-in configuration providers, those provided by third-parties, or even custom ones you create yourself. That latter fact, in particular, opens a world of possibilities to you, as if you simply take the time to write your own provider, you can actually continue to use something like a Web.config as you're used or integrate some other solution you want to use.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I just need some indications to get started on a personal project I have. As little as "install this and read that" will do.
Project Overview
I want to create a database for all the movies on my personal cloud drive and host it on a website available to everyone connected to my network.
Required Features
1)Sort movies by year or by actors.
2)Available to everyone on network.
3)Free.
4)This is optional, but I've heard of IMDB APIs that can be used with databases in order to populate "actor", "director", "year" etc... fields. It would be nice if I could use this.
Background
I am an engineering student and have always liked coding. I mostly use mathematics-oriented languages like matlab, fortran and c++. However, I have zero experience with anything web-related.
Possible approach
It looks like using ASP.NET framework with SQL is my best bet here.
I have found this tutorial, however I am not sure this can satisfy requirement 1), 2) and 4).
I have also read a bit on the w3schools website, again which suggest that ASP.NET + SQL is the way to go.
Any help is appreciated.
If this comes off as offensive, I don't mean it to.
It seems you are newer to programming, or at least the .net world of programming. Given this I would try to do things very simple.
I would just try to make a simple app that can do what you want (store info, sort, filter, and be able to access a web api).
To make it easier for you to get started, here is what I would use to crank this out.
I would create a winForms app in c#. I would use SQLServers new (LocalDB) to store my data.
That is it (for starting). You will need to learn to use Ado.net, T-SQL, how to create tables, and if you want to access IMDB you can learn that API also and how to connect to that.
But start small.
You need to research and look into a lot of this yourself. Buy a few books or google SQL for beginners.
You absolutely can do 1, 2, and 4 with SQL.
A good way to start this project would be looking into ER diagrams online and then going from there.
Also look into SQL Server or Oracle.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I've been looking for a simple key/license system for our users. Its partly to stop piracy (avoid users from sharing the application around) and the other half to track the number of 'licensed users' we have. I have already read a few good suggestions on SO but I'm curious as to how people have implemented the 30 day evaluation criteria.
Do you generate a key that stores the date somewhere and do a comparison each time or is it a little more complicated - deleting the file/removing the registry shouldn't deactivate.
Are there any example implementations out there that can give me a head start? The irony is that our PM doesn't want to license a third-party system to do it for us.
This is for a Windows Forms application.
Have you checked out the Rhino-Licensing project by Ayende Rahien. You can also see his blog post about licensing a commercial product which led him to develop this solution.
There are two separate challenges: i. How do you prevent a copied app from running. ii. How to prevent users from ripping out/bypassing your prevention scheme. The first one is usually done by taking a hard to copy signature of the user's system (e.g. Hard Drive ID + Processor ID + RAM, etc) and using it as the seed/key AND activating it on-line by calling "home".
The Second issue is harder to do in .Net since the source code can be in someway extracted and recompiled to exclude your protection system. The key here is to make it cheaper to buy the license than to remove the protection at the user's end. You may find that for most products, the suggestion to use a customized engine to encrypt your product libraries that also contain your copy-protect and decrypt it at initial run-time, might be enough.
I am not sure you can actually protect a .NET - There may be commercial solutions that do the trick. The reason is .NET code can be seen through Lutz Roeder (Thanks Jasonh for the heads up) Red Gate's Reflector (It was formerly by the named guy above). The best way to deal with it is to look for code obfuscation which makes reflecting more trickier, I can point you to one place I know of that does this for free - Phoenix - NtCore.Com.
The more esoteric solution would be to create a .NET hosting environment in C++, load the binary image (which could be encrypted) and the hosting environment than undecrypt it in memory - have heard of that theory but not sure how that would be done in practice. Please do not use your own protection scheme as there could be a weakness.
Someone once said - "Security through obscurity"....
Hope this helps,
Best regards,
Tom.
I worked on a project that handled this by putting some critical functionality (for example data storage, reporting, or payments) on an external server we ran, and requiring the user to log in to this server to get the functionality.
Customers can make backups, share, or run the application locally, but to access this critical function they have to type a password in to our application and connect to our server. Customers knew the password allowed changing their data, so they would not want to share the password with other people.
This was handy because we do not care how many copes of the application are out in the wild, we only track server connections. We included machine-identifying data like MAC address in the connection data, so we can track which machines are connecting.
I'm not just saying this because my company sells the OffByZero Cobalt software licensing solution for .NET: your PM should know that software licensing is very hard to get right, and if you roll your own, you'll be supporting it for the foreseeable future.
Take a look at the article Developing for Software Protection and Licensing; it explains how to choose a solution, why you should obfuscate your application and gives a number of tips for structuring your code to be harder to crack.
In particular it makes the point that the vast majority of companies should outsource their software licensing, as it makes no sense to spend developer time on building and maintaining a complex system that isn't your core business.
What is more important to your company: adding an important new feature to your product, or tracking down a peculiar permission behaviour on an ancient version of Windows that's clobbering your licensing system?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I am in the design phase of a file upload service that allows users to upload very large zip files to our server as well as updates our database with the data. Since the files are large (About 300mb) we want to allow the user to limit the amount of bandwidth they want to use for uploading. They should also be able to pause and resume the transfer, and it should recover from a system reboot. The user also needs to be authenticated in our MSSQL database to ensure that they have permission to upload the file and make changes to our database.
My question is, what is the best technology to do this? We would like to minimize the amount of development required, but the only thing that I can think of now that would allow us to do this would be to create a client and server app from scratch in something like python, java or c#. Is there an existing technology available that will allow us to do this?
There are quite a few upload controls for this you should be able to Google. There are a few on this download page.
Another work around is to have your clients install a Firefox FTP plugin or write a Firefox plugin yourself but FTP is by far the easiest way to boot.
What's wrong with FTP? The protocol supports reusability and there are lots and lots of clients.
On client side, flash; On server side, whatever (it wouldn't make any difference).
No existing technologies (except for using FTP or something).
I found 2 more possibilities
Microsoft Background Intelligent Transfer Service (BITS):
Has: up and download, large files, encrypted (vis https), resumable (even auto resuming as long as the user is logged in), manual pause and resume, authentication (via https again), wrapper for .NET, foreground or background priority, ...
Not: bandwidth throttling, file verification (only filesize), compression
rsync:
Has: unidirectional transfer, large files, resume of partial uploads (and pause via stop), verification, encryption (via ssh, stunnel), compression, usable c library (librsync by Martin Pool [1],[2])
Not: good windows compability (only via cygwin or cwrsync), commercially usable (GPL)
Anybody found something else in C#?
There's an example of using HTML5 to create a resumable large file upload, might be helpful.
http://net.tutsplus.com/tutorials/javascript-ajax/how-to-create-a-resumable-video-uploade-in-node-js/
I'm surprised no one has mentioned torrent files. They can also be packaged into a script that then triggers something to execute.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
What's the best approach to Licensing Custom .NET Components or applications for selling ?
Closed Source
2 licensing mode :
Trial limited features license (free)
Full featured
As for a "Closed Source" scenario consider using obfuscation. I've been using SmartAssembly and very satisfied with results.
As for licensing modes. You are speaking about .net components so the target audience are developers. I don't think they will deal with free limited trials. If you are going to sell something valuable to developer community get ready to see a "Full Featured" version on Rapidshare or torrents.
I would recommend concentrating on support and frequent updates/enhancements rather than protection. In most cases "business" buys support rather than binaries.
If you need some tool titles why don't you just google for that? ".net licensing" query will give you tones of links.
Hope that helps.
There is a lot of missing detail here.
Are you licensing from someone or trying to create a license?
Open source, closed source, selling? If selling, do you provide source?
What is the final usage of the component / application? Are you hosting it (like a multi-tenant site) or is it more COTS?
What are your competitors doing with their sales model? Does it appear to be working for them? e.g. does it sound reasonable? <- emulate that.
As you answer those questions, you'll find the license that fits your needs.
GPL. Or declaring it public domain. Or a 24-page EULA that restricts the ability of users to shave while using the component. Or something like that.
Why don't you tell us what you are trying to do, what the intended uses are, and what you'd like to have happen?
When you're giving out trials of your software that are upgradeable to full versions (in other words assemblies that contain all features), there's not a whole lot you can do to prevent someone from hacking it in the end. (with .net it's even easier then with native assemblies).
Signing & Obfuscation is the only way to prevent it from being reverse engineered in a very readable form but just using something like reflector will basically give you the complete.
One of the simplest ways to keep up the appearance of licensing is to:
use public/private key encryption to save licensing information (expiration date, enabled features, etc) into a file
include the public key in the assembly
decode the encrypted information on the start of your application to check if someone is licensed to use your application.
generate licenses when necessary with your private key and distribute those files (or keys if the data is small enough)
As an alternative you can include the licensing information in clear text with a hash code (this is the licensing key, algorithm should also support public/private key) in clear text with the application, and only check if the licensing information matches the hash code.