Obfuscating a web application
Today was make-a-build-process day, when I finally switched from VS.NET IDE compilation to a simple batch file. I may use fancier tools later I suppose, but for now I love the flexibility of a good old batch file. I was programming before Windows you know..
So, after compilation the steps are:
- Obfuscation
- Applying the strong names (delay signed because of the obfuscation)
- Copy to release and test folders
- Build the installation
#2 was fun, because I had to dig out my old MS-DOS Encyclopedia (yes, it really is called that) to remind myself how to use FOR to loop through files.
Man, I'm proud of that book. It's one of the few that I'd carry out of the house if it was on fire (but don't tell Tara). I don't know if it's still in print, somehow I doubt it. I bought mine in 1988 and IIRC it was $200!
So, in case you are wondering how to strong name your delay-signed assemblies using a batch file, here's the answer:
FOR %%f IN (%obfuscateddir%*.dll) DO sn -q -R %%f %snfile%.snk
I think Joel should add that to his list of interview questions, and Robert should be impressed enough to finally give me some of that A-list love. 
Anyway, back to the real point - #1 on that list. Obfuscation.
Now, I think these are very clever and all that (I use XenoCode and I am very pleased with it) but have you ever tried obfuscating a web application?
It's tricky. For example, if you use code-behind like I do, you cannot obfuscate the Inherits tag in the aspx or it won't run. So, basically you have to go through and uncheck every box that is obfuscating a web page or user control name.
Then you realize that you have code like this, in your aspx file:
<DOGS:DBBlog ID="blog" Days=365 MaxRecords=20 runat=server />
(which loads the user control that shows a blog). So you realize that you have to find every public property of every user control and keep that un-obfuscated too. This adds up to a lot of check marks.
At the end of the day, there is still plenty of 242lk23kj234:23lkj49d09as to make it worthwhile, but it's not quite as easy as, say, obfuscating a single assembly for sale. I wish I had a simple single componpent product sometimes. 