is ExcelDNA code secure like other compiled c++ code

Aug 14, 2015 at 10:31 PM
VBA code is generally considered to not be secure from prying eyes, even with a password set on the VBA project.

Does an ExcelDNA XLL file made with Visual Studio offer the same security as vb.net or c++ code compiled into a DLL?
Coordinator
Aug 15, 2015 at 9:47 AM
The obscurity of Excel-DNA, especially if you make a packed add-in, helps a bit to make it more secure than VBA. But internally your add-in is just storing the compiled .NET assembly, which leaves you in the same position as a VB.NET or C# compiled assembly. These are less secure than C++, because the compiled version contains extensive metadata (allowing Reflection to work), and the assembly is not optimised (that will happen at runtime when it is JIT-compiled). So decompilers like ILSpy can extract much of you code from the compiled assembly. You should try it, to understand better.

The way around this in the .NET world is to run an obfuscator, which will remove the metadata (except public parts) and possibly rearrange your code. At that point you are about as safe as C++. There are various free and expensive obfuscators, one is installed with Visual Studio. Remember to check again in a decompiler after obfuscation, to make sure enough metadata was removed.

So you'd run you compiled assembly through an obfuscator, and then pack inside the Excel-DNA add-in. That will be pretty secure, similar to C++.

-Govert
Aug 16, 2015 at 3:58 PM
Thank you for the very thorough reply, Govert. That helps a lot.

My goal is to make a small Excel Addin more secure than just a VBA password. I would like to either port it to ExcelDNA or use a product called Unviewable+. http://www.spreadsheet1.com/unviewable-vba-project-app-for-excel.html

By the way. I am a full time mechanical engineer and part time programmer. Sometimes I come up against programming problems that are over my head. Do you offer consulting services? Usually my problems will involve Excel VBA, Visual Studio, C++, and sometimes Fortran.

Cheers,

Brian
www.xlrotor.com
Coordinator
Aug 23, 2015 at 10:12 PM
Edited Aug 23, 2015 at 10:14 PM
Hi Brian,

I don't normally do ad-hoc consulting. But if the work is interesting I'm always happy to help or have a look.
You are welcome to contact me directly via email to govert@icon.co.za.

-Govert