Could you use NGen to secure your .NET code?

26 09 2011

Managed .NET code (MSIL) can be decompiled and due to this it can be obfuscated to make this much harder, if not impossible. In contrast to this is native code quite secure looking at this threat.
However, there is a way to turn managed code into precompiled native code using a tool called NGen.exe, which is part of the SDK. It speeds up code execution quite a bit.

The question is: Can you use Ngen to deploy native code only, e.g. on security sensitive systems?
Unfortunately, you cannot, because the Common Language Runtime still needs the metadata contained in the IL-code e.g. for reflection etc..

Therefore use NGen only for better speed, not for security!

AlexanderWinking smile




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: