Secure FTP access

Secure FTP access
Smiley
Hi Guys

I recently purchased a web domain and one year of web hosting. Then I looked up how to upload and download files from an FTP server with VB.NET to see what I could do with the web server, and I realized that I could make a messenger application using a web server. But then I ran into a problem: if I were to make such an application and release it on the internet, anyone could just reverse engineer the code and find out the FTP username and password to my server.
My question is: how could I secure my code? And are there any other security vulnerabilities I need to think about?

Thanks in advance,
Smiley
Re: Secure FTP access
visualtech
You can try using some obfuscators. A good one is SmartAssembly (I have a licensed version). Otherwise, use some sort of public/private key cryptography to sign/verify the strings.

Now you have to see that every obfuscated assembly can be de-obfuscated. So the best option we have is: public/private key cryptography. So, if the hacker has the public key, he can't use it :)

Another thing can be: signing with a .SNK file, or strong-naming it. This way, if anyone decompiles the code, it will break.

Even after that, a good hacker can sniff the TCP/UDP requests sent out by your software. There is one thing you can do: send the file as a compressed gzip stream to a PHP page and tell the PHP page to upload that to the string.

This way, even if the person decompiles your assembly, he won't see the username/password for your FTP server. One vulnerability here can be that the "hacker" can get the URL and upload the files he wishes.
To counter this: sign your gzipped stream with RSA/ECC and verify in the PHP script.

To make the wall harder, use some padding and put the parts of the signature at some random places.

P.S.: Want more help or help in making this: PM me :)
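
The server-side check from the post above (verify the signature on the gzipped stream in PHP, then upload with credentials the client never sees), as an added example that is not code from this thread. It assumes each client install has its own key pair whose public key is registered with the server, so no shared secret ships in the binary; `verify_signed_upload`, `forward_to_ftp`, the `FTP_*` environment variable names and the 1 MiB cap are hypothetical.

```php
<?php
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 1048576; // assumed cap on decompressed size (1 MiB)

// Returns the decompressed payload, or null when the signature or gzip data is bad.
function verify_signed_upload(string $gzBody, string $sigB64, string $publicKeyPem): ?string
{
    $sig = base64_decode($sigB64, true);
    if ($sig === false) {
        return null;
    }
    // Verify before decompressing, so unauthenticated bytes never reach zlib.
    if (openssl_verify($gzBody, $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    // The length cap rejects decompression bombs.
    $plain = @gzdecode($gzBody, MAX_UPLOAD_BYTES);
    return $plain === false ? null : $plain;
}

// Uploads with credentials that live only on the server (hypothetical env names).
function forward_to_ftp(string $plain, string $remoteName): bool
{
    $conn = ftp_ssl_connect((string) getenv('FTP_HOST'));
    if ($conn === false) {
        return false;
    }
    $ok = ftp_login($conn, (string) getenv('FTP_USER'), (string) getenv('FTP_PASS'));
    if ($ok) {
        ftp_pasv($conn, true);
        $tmp = fopen('php://temp', 'r+');
        fwrite($tmp, $plain);
        rewind($tmp);
        // basename() stops a client-supplied name from escaping the upload directory.
        $ok = ftp_fput($conn, basename($remoteName), $tmp, FTP_BINARY);
        fclose($tmp);
    }
    ftp_close($conn);
    return $ok;
}

// Constructed demo: a throwaway key pair stands in for one client install.
$clientKey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$publicPem = openssl_pkey_get_details($clientKey)['key'];
$body = gzencode('hello from client 42');
openssl_sign($body, $rawSig, $clientKey, OPENSSL_ALGO_SHA256);

var_dump(verify_signed_upload($body, base64_encode($rawSig), $publicPem));       // valid signature
var_dump(verify_signed_upload($body . 'x', base64_encode($rawSig), $publicPem)); // body altered after signing
var_dump(verify_signed_upload($body, base64_encode('junk'), $publicPem));        // signature not made by this key
```

In a deployed endpoint the body would come from `php://input` and the signature from a request header. Including a timestamp or nonce in the signed data would additionally let the server reject a captured request that is sent again.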
Re: Secure FTP access
Smiley
Hey visualtech

Wow, I didn't understand half of this, haha. This is all very complicated and I'm pretty lazy, so I guess I will have to give up on making a chat program.
Thank you for your help though; your knowledge of all this stuff is very impressive, but it's too much for me to learn.

Smiley
Re: Secure FTP access
Shim
Hi,

If you know about Rabbit Messenger, I was able to sniff the HTTP POST/GET requests, so I reported it to #Dummy1912. Then he fixed it by himself, or someone helped him; maybe you can ask #Dummy1912.