Some people are concerned that IL doesn't offer enough intellectual property protection
for their algorithms. In other words, they think that you could build a managed module
and that someone else could use a tool, such as an IL Disassembler, to easily reverse
engineer exactly what your application's code does.
Yes, it's true that IL code is higher level than most other assembly languages, and, in general,
reverse engineering IL code is relatively simple. However, when implementing
server-side code (such as a Web service, Web form, or stored procedure), your assembly
resides on your server. Because no one outside of your company can access the assembly,
no one outside of your company can use any tool to see the IL—your intellectual
property is completely safe.
If you're concerned about any of the assemblies you do distribute, you can obtain an
obfuscator utility from a third-party vendor. These utilities scramble the names of all of
the private symbols in your assembly's metadata. It will be difficult for someone to
unscramble the names and understand the purpose of each method. Note that these
obfuscators can provide only a little protection because the IL must be available at some
point for the CLR to JIT compile it.
If you don't feel that an obfuscator offers the kind of intellectual property protection you
desire, you can consider implementing your more sensitive algorithms in some unmanaged
module that will contain native CPU instructions instead of IL and metadata. Then
you can use the CLR's interoperability features (assuming that you have ample permissions)
to communicate between the managed and unmanaged portions of your application.
Of course, this assumes that you're not worried about people reverse engineering
the native CPU instructions in your unmanaged code.
In the future, Microsoft will offer a Digital Rights Management (DRM) solution as a way
to protect the IL code contained inside an assembly.
-Yuva