Desaware Inc. - In The News: Components and Tools for Microsoft Visual Studio Developers

Company > News > archived newsletters > sept 2003

Company
Contact Us
Background
Customers
News
Newsletter
In The News
Press Kit
User Groups
Careers
Privacy Policy

Contact Desaware and order today!

Desaware Newsletter

News from Desaware: New product & ebook + Tech tip

September 2003

Desaware Visual Basic Bulletin - September 2003

Now shipping: OneTimeDownload-5M - Limited use link management for ASP.NET.
New eBook by Dan Appleman: Hijacking .NET Volume 2: Protecting your Code
Now shipping: The Desaware Licensing System. Cryptographic based security for your .NET applications and components.
Tech Tip: Avoid versioning problems when using serialization to persist objects to disk.

This email was sent at your request after signing up at our web site or directly contacting us at a trade show or other venue, to notify you about the latest news from Desaware and about books and articles by our president, Dan Appleman and technical staff.
To remove your name from this mailing list, please send an email message to listserv@desaware.com. The text of the subject line should include the word "unsubscribe". Contact information can be found at the end of this email.

Desaware does not buy, sell or trade email addresses.

Now shipping: OneTimeDownload-5M - Link management for ASP.NET.

OneTimeDownload-5M is a component that allocates, implements and manages temporary links. These are URLs that are active for a limited time and often associated with a particular user.
Whether it is a special offer, a software update, or a personalized web link included in an email message for tracking purposes, sometimes you want to create secure, single or limited use links. OneTimeDownload-5M is the answer.

Create unlimited unique links, each with its own expiration date.
Specify link lifetime after first use.
Links can be grouped - using one invalidates others in the group.
128 bit link values make guessing virtually impossible.
Add security by limiting the number of IP addresses that can use a link.
Links can be associated with URLs, user defined data, or downloadable files.

Download your 30 day trial today!

Now shipping: Hijacking .NET Volume 2: Protecting your Code

Hijacking .NET is todays equivalent of using undocumented Windows API functions. Except that not only are the functions under discussion undocumented, they are actually private functions internal to the .NET framework that were never intended to be used from outside.
In the first volume, Dan Appleman covered how to find these hidden functions, how to use disassembly and common sense to figure out what they do, and how to implement code that uses them (along with a straightforward explanation of the relative risks of doing so).

In this new volume, you will learn about the security implications of using reflection to access private members in an assembly, and about the design patterns and specific methods you can use to prevent others from using these techniques on your assemblies.

Order today for only $9.95

Now shipping: The Desaware Licensing System . Cryptographic based security for your .NET applications and components.

Whether you're a systems integrator, a consultant, or an IT manager trying to restrict access to proprietary applications, licensing is a major issue. With the advent of .NET, and its strong name binding capabilities, it has for the first time become possible to create a licensing system that is end to end cryptographically secure. In other words - security is not dependent on secret files or registry entries, but rather on 128 bit public key encryption.

The Desaware Licensing System includes the licensing component that is distributed with your application, the server software that runs on any ASP.Net server as a web service, and the management application for defining and managing applications.

Key features include:

Flexible security settings, from high security (requiring an Internet connection to the server), to tolerant security (grants a temporary certificate until a connection is available).
Supports component licensing (LicenseProvider).
License multiple assemblies/applications with one key, or use multiple keys to enable different features in a single assembly or application.
Supports timed trial/demo versions.
One Server license can support licensing unlimited applications at no added cost.
Full source license available (the security is provided by the cryptography, not by the licensing algorithm).

Download your 30 day trial version today!

Tech Tip: Avoid versioning problems when using serialization to persist objects to disk.

The .NET framework includes two serialization formatters, a SoapFormatter object that serializes objects using SOAP (XML), and a BinaryFormatter object that serializes objects into binary format. You can use these to save a serializable object to a file using code like this:

[VB] Dim sw As FileStream = New FileStream("c:\temp\temp.bin", FileMode.CreateNew) Dim bf As BinaryFormatter = New BinaryFormatter() bf.Serialize(sw, New Class1()) [C#] FileStream sw = new FileStream("c:\\temp\\temp.bin", FileMode.CreateNew ); BinaryFormatter bf = new BinaryFormatter(); bf.Serialize(sw, new Class1());

When you try to restore the object using the formatter's Deserialize method, everything will work fine - until you upgrade your strong named assembly to a new version number. Then you'll find that all of the files persisted with the previous version can't be read.

That's because .NET includes the name of the assembly that owns the object into the serialized data. So if you serialize an object from a strong named assembly, a later version won't be able to deserialize it - the later version has a different strong name.

The solution is to change the AssemblyFormat property to the FormatterAssemblyStyle.Simple style as shown here:

[VB] Dim sw As FileStream = New FileStream("c:\temp\temp.bin", FileMode.CreateNew) Dim bf As BinaryFormatter = New BinaryFormatter() bf.AssemblyFormat = FormatterAssemblyStyle.Simple bf.Serialize(sw, New Class1()) [C#] FileStream sw = new FileStream("c:\\temp\\temp.bin", FileMode.CreateNew ); BinaryFormatter bf = new BinaryFormatter(); bf.AssemblyFormat = FormatterAssemblyStyle.Simple; bf.Serialize(sw, new Class1());

This causes only the simple name of the assembly to be persisted in the serialized data, making it easy for later versions of the same assembly to deserialize the object.

Wishing all of you success in your programming efforts.

Desaware, Inc.

1100 E. Hamilton Avenue, Suite 4
Campbell, CA 95008 USA
Tel 408-377-4770, Fax 408-371-3530
Email: support@desaware.com
Web: http://www.desaware.com

Learn More:

Company > News > archived newsletters > sept 2003
Company Contact Us Background Customers News Newsletter In The News Press Kit User Groups Careers Privacy Policy Contact Desaware and order today! Sign up for Desaware's Newsletter for the latest news and tech tips.	Desaware Newsletter News from Desaware: New product & ebook + Tech tip September 2003 Desaware Visual Basic Bulletin - September 2003 Now shipping: OneTimeDownload-5M - Limited use link management for ASP.NET. New eBook by Dan Appleman: Hijacking .NET Volume 2: Protecting your Code Now shipping: The Desaware Licensing System. Cryptographic based security for your .NET applications and components. Tech Tip: Avoid versioning problems when using serialization to persist objects to disk. This email was sent at your request after signing up at our web site or directly contacting us at a trade show or other venue, to notify you about the latest news from Desaware and about books and articles by our president, Dan Appleman and technical staff. To remove your name from this mailing list, please send an email message to listserv@desaware.com. The text of the subject line should include the word "unsubscribe". Contact information can be found at the end of this email. Desaware does not buy, sell or trade email addresses. Now shipping: OneTimeDownload-5M - Link management for ASP.NET. OneTimeDownload-5M is a component that allocates, implements and manages temporary links. These are URLs that are active for a limited time and often associated with a particular user. Whether it is a special offer, a software update, or a personalized web link included in an email message for tracking purposes, sometimes you want to create secure, single or limited use links. OneTimeDownload-5M is the answer. Create unlimited unique links, each with its own expiration date. Specify link lifetime after first use. Links can be grouped - using one invalidates others in the group. 128 bit link values make guessing virtually impossible. Add security by limiting the number of IP addresses that can use a link. Links can be associated with URLs, user defined data, or downloadable files. Download your 30 day trial today! Now shipping: Hijacking .NET Volume 2: Protecting your Code Hijacking .NET is todays equivalent of using undocumented Windows API functions. Except that not only are the functions under discussion undocumented, they are actually private functions internal to the .NET framework that were never intended to be used from outside. In the first volume, Dan Appleman covered how to find these hidden functions, how to use disassembly and common sense to figure out what they do, and how to implement code that uses them (along with a straightforward explanation of the relative risks of doing so). In this new volume, you will learn about the security implications of using reflection to access private members in an assembly, and about the design patterns and specific methods you can use to prevent others from using these techniques on your assemblies. Order today for only $9.95 Now shipping: The Desaware Licensing System . Cryptographic based security for your .NET applications and components. Whether you're a systems integrator, a consultant, or an IT manager trying to restrict access to proprietary applications, licensing is a major issue. With the advent of .NET, and its strong name binding capabilities, it has for the first time become possible to create a licensing system that is end to end cryptographically secure. In other words - security is not dependent on secret files or registry entries, but rather on 128 bit public key encryption. The Desaware Licensing System includes the licensing component that is distributed with your application, the server software that runs on any ASP.Net server as a web service, and the management application for defining and managing applications. Key features include: Flexible security settings, from high security (requiring an Internet connection to the server), to tolerant security (grants a temporary certificate until a connection is available). Supports component licensing (LicenseProvider). License multiple assemblies/applications with one key, or use multiple keys to enable different features in a single assembly or application. Supports timed trial/demo versions. One Server license can support licensing unlimited applications at no added cost. Full source license available (the security is provided by the cryptography, not by the licensing algorithm). Download your 30 day trial version today! Tech Tip: Avoid versioning problems when using serialization to persist objects to disk. The .NET framework includes two serialization formatters, a SoapFormatter object that serializes objects using SOAP (XML), and a BinaryFormatter object that serializes objects into binary format. You can use these to save a serializable object to a file using code like this: [VB] Dim sw As FileStream = New FileStream("c:\temp\temp.bin", FileMode.CreateNew) Dim bf As BinaryFormatter = New BinaryFormatter() bf.Serialize(sw, New Class1()) [C#] FileStream sw = new FileStream("c:\\temp\\temp.bin", FileMode.CreateNew ); BinaryFormatter bf = new BinaryFormatter(); bf.Serialize(sw, new Class1()); When you try to restore the object using the formatter's Deserialize method, everything will work fine - until you upgrade your strong named assembly to a new version number. Then you'll find that all of the files persisted with the previous version can't be read. That's because .NET includes the name of the assembly that owns the object into the serialized data. So if you serialize an object from a strong named assembly, a later version won't be able to deserialize it - the later version has a different strong name. The solution is to change the AssemblyFormat property to the FormatterAssemblyStyle.Simple style as shown here: [VB] Dim sw As FileStream = New FileStream("c:\temp\temp.bin", FileMode.CreateNew) Dim bf As BinaryFormatter = New BinaryFormatter() bf.AssemblyFormat = FormatterAssemblyStyle.Simple bf.Serialize(sw, New Class1()) [C#] FileStream sw = new FileStream("c:\\temp\\temp.bin", FileMode.CreateNew ); BinaryFormatter bf = new BinaryFormatter(); bf.AssemblyFormat = FormatterAssemblyStyle.Simple; bf.Serialize(sw, new Class1()); This causes only the simple name of the assembly to be persisted in the serialized data, making it easy for later versions of the same assembly to deserialize the object. Wishing all of you success in your programming efforts. *Desaware, Inc.* 1100 E. Hamilton Avenue, Suite 4 Campbell, CA 95008 USA Tel 408-377-4770, Fax 408-371-3530 Email: support@desaware.com Web: http://www.desaware.com	Learn More: Learn more about the Desaware Licensing System. For in-depth technical information read the latest books and eBooks by Dan Appleman

Products Purchase Articles Support Company Contact Copyright© 2011 Desaware, Inc. All Rights Reserved. Privacy Policy