Hi guys,
We have some sensitive information in a Visual C#.NET app (an app that needs to be distributed to end-users). Examples of this information would be a connection string for a MySQL database on our servers, and encryption keys that the program uses to decrypt some datafiles.
When the program is compiled, even using something as simple as .NET Reflector to "decompile" it exposes all this information. Well, it obviously exposes EVERYTHING in the source code, but that's .NET for you. Problem remains, they can see the username/password for the MySQL database, the key to decrypt the license files, hell - even the method that performs the decryption.
Obfuscation won't work in this case, because no matter how unreadable you make the source code, those strings are easy to identify.
Anyone have any ideas?