Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.6K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 295 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Need an encryption product for NAV2013 R2 - does one exist?!
boywonder
Member Posts: 179
As per title, willing to pay for such a product that will enable C/AL code to be hidden/encrypted. Artcount had a good solution for 2009 but don't have anything for 2013 due to the architecture changes.
Is one out there yet? Thanks
Is one out there yet? Thanks
0
Comments
As far as I know because of the technical reasons this is not possible any more. And frankly speaking this is good so.
See http://www.mibuso.com/forum/viewtopic.php?f=23&t=44914&hilit=code+protection
for more reason why the code should be visible.
The best way to protect you code is to register an Add-On by Microsoft and to get a specific Object ID range assigned.
In that case you code will not be visible to the partners or clients.
It will also be protected as an Add-on, so you do not need to fear that someone may use your solution.
I hope this helps.
Thanks.
I do not understand what you mean. If you get an Object range assigned by Microsoft for your add-on, then the code in that add-on range is not accessible.
If you try to open such object you get the error message "The object is not in your permission range ...."
On the VOICE you can set the option that Objects can only be executed or indirect permissions.
Thanks.
It is still possible to hide the code in the development environment, but with the same disadvantages like before and it is possible to extract the source code from the. Net code. But it is possible is to obfuscate the code so that you cannot read it anymore. I've a working prototype that is already used by a partner. Feel free to write me an IM if you want to get more information.
http://www.sist.biz/en/ [en] | http://www.sist.biz [de]
Hmm, the biggest reseller of NAV Payroll in the UK is Miraclepay (and probably the only one), but they are not on NAV 2013 R2, as far as I know.
The code is protected in NAV 2009 R2 but not in the later versions.
So it would be interesting if you colleague from the UK could tell us more.
Thanks.
It is against the partner agreement to encrypt the code and the tools is no longer available either.
I suggest you look for an addon range or legally protect IP.
g.
Gabor [MVP]
Navblog
However, with the introduction of the RTC/Service tier, al AL code is kept in two places.
1. In the C/Side objects
2. As comment in the C# generated code
You can still encrypt 1 as far as I know, but you cannot prevent anyone from activating #2.
However, it is a lot of work to gerenerate code from #2 to real AL code. So if someone is willing to invest that time, I am guessing the orriginal owner of the IP has messed up so badly that, I guess, well, you know what I mean.
The source is now stored in (at the last count) three different locations.
The licensing limitations on viewing the objects have always been a basic block, but not an insurmountable one. The deletion of the source code that Miracle do was reasonably effective in V5 but could still be reversed if anyone believed it was worth the effort. (Because Nav byte code was never obfuscated).
With 2013R2 deleting the source code from the FOB objects does not delete even a significant part of the code.
The code is saved as comments in the C# code and directly for the debugger.
But the major problem with RTC is that it has to regenerate the C# code from the C/AL code if there is a significant difference in version number between the database an object is exported from and the database it's imported into. For 2013R2 'significant difference' appears to mean any difference in version number.
Technically this means that a company that deletes the source code from the FOB files has to keep a database for every single hotfix version of the executables that any of their customers may have. Or specifically limit the versions that their code will run on, either forcing their customers to upgrade to a specific hotfix, or worse, blocking their customers from upgrading to a Microsoft hotfix that may fix an operational issue like the recent data dictionary corruption and data loss scenarios.
For Nav2013 there are significant and ongoing barriers to hiding your source code which are only likely to get worse.
However, there is a good side. The RTC client requires a service tier and it is now quite simple to integrate DotNET DLLs into Nav cleanly on the server side. This means that compiled (and obfuscated) DotNET code can be linked with C/AL on the server and have no client requirements beyond the Nav standard. This does not impact the ability to run using both the 'windows client' and the 'web client'. Using this your 'special' code can be compiled into one or more DotNET DLLs and only display and wrapping need have visible source code. Obviously this will mean that your code cannot be written in C/AL (though you may be able to extract and compile the C# translation into your DLL, or there are other Pascal like languages) but this shouldn't be too large a problem compared to the administrative issues otherwise.
TVision Technology Ltd
So this would suggest that obfuscated code can be imported into the meta data after importing the empty fob.
just guessing.
When importing objects it's run during the "Processing Objects" phase. In V7 the "Tools->Build Server Application Objects" option will continue to create the C# code if the "Processing Objects" phase crashed or the object metadata (C# code) has been deleted.
If there is no visible "Processing Objects" phase then either you have "Enable for Microsoft Dynamics NAV Server" turned off (V6) or you are running the Native Client (V6) or the C# code stored in the FOB is acceptable to the client. Note: for early V6 clients 'acceptable' may not mean runnable. For V7 clients 'acceptable' appears to mean "exactly the same build number".
When the C# code needs to be run by the Service Tier, it will call the "csc.exe" program to convert the C# code into a DLL which is stored (temporarily) under the ProgramData tree on the server. Note: It is possible for these DLLs to be flagged as a virus by AV software, so, if installed, the AV software should be configured to exclude this directory.
The first phase (converting to C#) needs to dereference automation objects and DotNET variables to check the compile. This means that those DLLs MUST be installed on the client even if never run there. Only DLLs that are called to run server side need to be installed server side.
Beware the addition metadata in the 2013R2 database, stored in the "Object Metadata Snapshot" table makes removing tables from the "Object Metadata" table dangerous at best.
Before 2013R2 the "Development Environment" also handled the task of updating the SQL tables to match the Navision data dictionary (add and removing columns, indexes etc) With V7.1 this task has been handed over to the service tier. This means that for table changes you must have a service tier running and it must have access to the database to do this job.
This task is NOT done by the service tier in sync with the saving of the object; it is done when a client is started after saving the object. This BTW includes changing the collation of the database, with 2013R2 the database has to be put into single user mode to update the metadata but must be put back into multi-user mode to actually change the data.
The most recent hotfix rollup apparently has more changes in this area; I haven't looked yet though.
TVision Technology Ltd
Oh, yeah, i know them... Basically they compile everything on their DB, then remove a C/AL code by some tool, and then deploy a metadata using their custom-made tool. That all good, but starting from version 2013 the object metadata contain 3 new fields ("Metadata", where you got just XML definition of object, "User Code", where you got c# object definition and code of you object, and a "User AL Code" , where you got your C/AL code, used by debuger I believe). So their approach had worked with version 2009 r2, which had in metadata table only the c#, and it has been pretty weird to reverse it back to C/AL, but now, with 2013 you got everything at the plate
Anyway, obfuscation of a code is a certainly not a good way in NAV world, the proper way is to register your stuff with MS and get a range, which is not editable by other partners. But, from experience i may say, that all obfuscated code i ever seen never ever will pass MS requirements to register an add-on
Wow thx for the info. If you find more info/links please add to this topic.
But the desire understandable. This is basically similar to how NAV clients often want to prevent copy-pasting, because they are afraid an employee could steal their customer list.
The whole "culture of Navision" is basically a "high trust" culture and the real world is often not like that, that is the real issue. I remember how when I first started to work with Navision in 2002 they proudly showed me what a big advantage is that employees can find a lot of information in drill-downs and F9 stats, and I thought that most businesses I know think totally opposite - they want to hide information like margins from employees, so that they don't demand higher salaries, stuff like that...
Still, it is same like games copy protection. Companies throwing out big money on it but mostly what they save by copy protection is less than they put into it. Games without copy protections are more and more common... why? ;-)
Same for NAV partner - throwing out money on "code protection" is for me wasting, better to put them into making the product better to support/merge/extend.
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.