473,698 Members | 2,141 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

protecting objects from being changed

Is there a way that is already built into .net 3.5 that will let me protect
an object from being modified when the object is public?

Jun 27 '08 #1
6 1409
On Apr 15, 2:37 pm, "Andy B" <a_bo...@sbcglo bal.netwrote:
Is there a way that is already built into .net 3.5 that will let me protect
an object from being modified when the object is public?
Simply put: don't expose any way of making any changes. Make all your
properties readonly and make sure your methods don't change anything.
Making all member variables readonly goes some way to doing this,
although it's less clearcut if one of your member variables is of a
mutable type itself (e.g. StringBuilder).

It's unfortunate that C# doesn't have more support for creating and
checking immutable types - I know it's something that the design team
are considering for a future version.

Jon
Jun 27 '08 #2
Is there a way that is already built into .net 3.5 that will let me
protect an object from being modified when the object is public?
I'm not quite sure what you mean by modifying an object, except for modifying
it's state (ie. fields). You should encapsulate your fields with properties.
Properties can be read-only (not set), or a mix of a public get and more
hidden set (private,protec ted,internal).

public class OpenClass
{
private string _name;

public string Name
{
get
{
return _name;
}
internal set
{
_name = value;
}
}
}
Jun 27 '08 #3
I have an object that when it's IsSigned property is set to bit 1, can't be
changed. Otherwise if it is set to 0, it can be changed in whatever way is
needed. This check would need to be done before putting the object inside a
database and after it is pulled out of the database as well. The object will
be serialized into an xml format and it's IsSigned state will be put into a
database table column seperate from the object itself. I.e. in the table
called objects, I would have the columns Id, IsSigned, IsFulfilled, IsPaid,
Object. I guess I'm just looking for some easier way of doing something like
this since the object already has over 60 public properties built into it.
These 60+ properties are split between 18 sub classes and data types.
"Morten Haug" <mo****@haugern .netwrote in message
news:e9******** *************** **@news.lyse.ne t...
>Is there a way that is already built into .net 3.5 that will let me
protect an object from being modified when the object is public?

I'm not quite sure what you mean by modifying an object, except for
modifying it's state (ie. fields). You should encapsulate your fields with
properties. Properties can be read-only (not set), or a mix of a public
get and more hidden set (private,protec ted,internal).

public class OpenClass
{
private string _name;

public string Name
{
get
{
return _name;
}
internal set
{
_name = value;
}
}
}


Jun 27 '08 #4
On Wed, 16 Apr 2008 04:55:43 -0700, Andy B <a_*****@sbcglo bal.netwrote:
Do you have a link to the pgp encryption stuff? And I forgot to mention,
there are 2 different people signing the document (the company and the
customer).
http://www.google.com/search?q=pgp+signing

I'm not sure I understand the "2 different people signing the document".
You're not specific about what effect this should have, or how you expect
the two to interact. Are both people supposed to be able to access the
document after it's been signed? Can you simply store two encrypted
versions of the document? Alternatively, is it okay for the company to
retain a copy of the customer's encryption key?

That requirement will certainly make your problem more complicated,
whatever the answers to those questions might be.

Pete
Jun 27 '08 #5
>I'm not sure I understand the "2 different people signing the document".
>You're not specific about what effect this should have, or how you expect
the two to >interact.
The company and the customer are supposed to sign the document. When the
form is filled out by the company online, a username and an encryption key
(a password as the customer would know it) is sent to the customer. They are
directed to login, view and sign the document (which has already been signed
by the company). After the company signs and presents the document for the
customer to sign,, for some reason the customer needs some changes made to
the document (the "form attached to the document"), the company should be
able to make the changes to satisfy the customers changes to the "form" and
then present it back to the user for signing. I think this possibly might be
a legal issue though since the standars for e-signing act of US law states
that after signing the document, it should be checked to make sure it can't
be changed. Is this before both people sign, or after both people sign?
>Are both people supposed to be able to access the document after it's been
signed?
Yes, both customer and company have to be able to view the document. There
might be a slight issue though. When the company fills out the document,
they have to sign it before it is presented to the customer before the
customer signs it. So, basically, even though the company has already signed
the document and commited to provide the services outlined in the document,
the customer still must be able to view and sign it for themselves. We
already found that 2 encryption keys for each document would be required -
one for customer and one for company.
>Can you simply store two encrypted versions of the document?
No, this method is not possible. Disk space is expensive and the database
needs to be as small as possible. Each transaction (document signing) will
roughly take about 2-3k in size. So, there can only be 1 copy of the
document for each transaction.
>Alternativel y, is it okay for the company to retain a copy of the
customer's encryption key?
Yes, that is entirely possible. The only restriction to this is that if the
customer forgets or loses their security key (password), it can't be
retrieved or reset. The conciquences to losing or forgetting the security
key is that the customer will not be able to view their signed documents
again (since most security signing services or programming addins do the
same sort of thing).


Jun 27 '08 #6
On Wed, 16 Apr 2008 16:44:37 -0700, Andy B <a_*****@sbcglo bal.netwrote:
[...]
>Alternativel y, is it okay for the company to retain a copy of the
customer's encryption key?

Yes, that is entirely possible. The only restriction to this is that if
the
customer forgets or loses their security key (password), it can't be
retrieved or reset.
Well, then I'd say that means it's not possible. After all, if the
company retains a copy of the customer's key, they can always retrieve
that copy. Or if they can't, there's no point in retaining it. :)

I also don't know what world you live in where "disk space is expensive",
but I suppose that's one of those relative things.

Other than that, the requirement that the document be signed by both
parties, while still retrievable by either party individually, is way
beyond anything I'm able to offer. I'm pretty much out of answers; you
need an expert in the field, and that I definitely am not.

I know that the experts in cryptography seems to be able to solve all
sorts of intuitively intractable problems. Maybe there is in fact a
reliable encryption scheme in which two different keys (and only two
different keys) can be used to decrypt an encrypted document. But if
there is, I don't know what it is.

Which isn't to say you won't get an answer in this newsgroup. It's
possible you would...I've seen some esoteric crypto stuff discussed here.
But for sure, I'm not the guy to give the answer. Sorry...

Pete
Jun 27 '08 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
2666
by: James Sleeman | last post by:
Hi all, i just spent an hour rifling through code to find the cause of a problem only to find it's an oddity with serialization and recursive objects, so figured I'd post for the next person who gets the same problem (y'all might find it interesting too)... ********************************* Symptoms ********************************* When unserializing a previously serialized object, the __wakeup() function is mysteriously called more...
24
5048
by: Yang Li Ke | last post by:
Hi guys! Anyone know a way so that users purchasing my scripts would not be able to share them with other people ? Yang
12
2197
by: Roland Hall | last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re: protecting images from linked to by other sites. There is a link at the bottom of that page that references an interesting article about ways of protecting your images from being downloaded. It was my understanding that if the client sees it, then it's in the client cache. Am I wrong in this belief or not? I took the information in the article and created the .asp that...
11
1787
by: thechaosengine | last post by:
Hi all, I have a very general but quite significant question about objects. My question is, when should I create them? I know thats a crap question so let me explain a bit further. Lets take an example of user management against a database. Things I might like to do include:
6
5992
by: Howard Kaikow | last post by:
I'm doing a VB 6 project in which I am trying to protect against type mismatch errors. Is the process any different in VB .NET? Here's what I'm doing in VB 6. I have an ActiveX DLL. The class has stuff initialized by calling a sub SetClass that wants some Word specific objects passed-in. If the user mistakingly uses the wrong object, say, uses an Excel object
6
1328
by: Roman Werpachowski | last post by:
In a recent thread http://tinyurl.com/8n7fe I asked about preventing the user from deleting the object pointed to by a pointer/reference. Now I would like to ask about a different aspect of this thing: it this protection worth it? It is fairly obvious that deleting an object you will need in the future is wrong. So is it worth to bother with protecting it against deletion?
47
3102
by: Max | last post by:
Due to the behaviour of a particular COM object, I need to ensure that a request for a particular ASP page is finalized before another request for the page is processed. Does IIS have a way to ensure that subsequent requests will be queued until the current request is completed? If not, can IIS be configured to use seperate processes to satisfy requests for a nominated ASP page? Thanks in advance.
22
2616
by: flit | last post by:
Hello All, I have a hard question, every time I look for this answer its get out from the technical domain and goes on in the moral/social domain. First, I live in third world with bad gov., bad education, bad police and a lot of taxes and bills to pay, and yes I live in a democratic "state" (corrupt, but democratic). So please, don't try to convince me about the social / economical / open source / give to all / be open / all people are...
27
2556
by: SasQ | last post by:
Hello. I wonder if literal constants are objects, or they're only "naked" values not contained in any object? I have read that literal constants may not to be allocated by the compiler. If the Standard is saying that "object is a region of storage", I deduce from that that literal constants aren't objects because they may not be alocated as regions of storage in the memory.
0
8673
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8601
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9156
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8860
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
5860
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4614
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3043
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2327
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1998
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.