473,842 Members | 1,619 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

BinaryFormatter Serialize DirectCast Class

JZ
Hi,

I'm using a class and binary formatter to store data in files.

For example..

Dim FPs As New StuctureDataFil e()
Dim FileStream As Stream = File.Open(pfile , FileMode.Open)
Dim FileFormatter As New BinaryFormatter ()
FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e)
FileStream.Clos e()

How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?

I want to stop people creating their own data files.

Also, is there anyway I can provide extra security? For example, encryption?

Thanks in advance!!

--
JZ
Nov 21 '05 #1
11 3125
On Wed, 22 Sep 2004 21:18:32 +0100, JZ wrote:
Hi,

I'm using a class and binary formatter to store data in files.

For example..

Dim FPs As New StuctureDataFil e()
Dim FileStream As Stream = File.Open(pfile , FileMode.Open)
Dim FileFormatter As New BinaryFormatter ()
FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e)
FileStream.Clos e()

How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?

I want to stop people creating their own data files.

Also, is there anyway I can provide extra security? For example, encryption?

Thanks in advance!!


Sure, you can serialize to a MemoryStream, and then use one of the various
encryption classes in System.Security .Cryptography to encrypt the byte
array before writting it to the file... Obviously, the process would be
thre reverse to recover the data :)
--
Tom Shelton [MVP]
Nov 21 '05 #2
JZ,
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile? I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...

As Tom suggests you can use a System.Security .Cryptography.C ryptoStream to
encrypt & decrypt the file.

You can chain the streams, so you don't need to use a MemoryStream per se.

Try something like:

Public Shared Sub Main()

Dim rijndael As New RijndaelManaged
rijndael.Genera teKey() ' create random key
rijndael.Genera teIV() ' create random initialization vector
Dim encryptor As ICryptoTransfor m =
rijndael.Create Encryptor(rijnd ael.Key, rijndael.IV)
Dim decryptor As ICryptoTransfor m =
rijndael.Create Decryptor(rijnd ael.Key, rijndael.IV)

Dim FPs As New StuctureDataFil e
Encrypt("Stuctu reDataFile.bin" , FPs, encryptor)
FPs = Decrypt("Stuctu reDataFile.bin" , decryptor)

End Sub

Private Shared Sub Encrypt(ByVal path As String, ByVal fps As
StuctureDataFil e, ByVal transform As ICryptoTransfor m)
Dim formatter As New BinaryFormatter
Dim output As Stream = File.Open(path, FileMode.Create )
Dim cryptoOutput As New CryptoStream(ou tput, transform,
CryptoStreamMod e.Write)
formatter.Seria lize(cryptoOutp ut, fps)
cryptoOutput.Fl ushFinalBlock()
cryptoOutput.Cl ose()
output.Close()
End Sub

Private Shared Function Decrypt(ByVal path As String, ByVal transform As
ICryptoTransfor m) As StuctureDataFil e
Dim formatter As New BinaryFormatter
Dim input As Stream = File.Open(path, FileMode.Open)
Dim cryptoInput As New CryptoStream(in put, transform,
CryptoStreamMod e.Read)
Dim fps As StuctureDataFil e =
DirectCast(form atter.Deseriali ze(cryptoInput) , StuctureDataFil e)
cryptoInput.Clo se()
input.Close()
Return fps
End Function
Note in the above I am using the Rijndael algorithm to encrypt & decrypt the
file. You can use other algorithms if you so choose, just remember to use
the exact same key & iv for decryption that you use for encryption! The
RijndaelManaged .GenerateKey & GenerateIV creates a random key &
initialization vector, good for testing, not good for production...

Hope this helps
Jay

"JZ" <jj@anon.anon.c om> wrote in message
news:41******** *************** @news-text.dial.pipex .com... Hi,

I'm using a class and binary formatter to store data in files.

For example..

Dim FPs As New StuctureDataFil e()
Dim FileStream As Stream = File.Open(pfile , FileMode.Open)
Dim FileFormatter As New BinaryFormatter ()
FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e)
FileStream.Clos e()

How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?

I want to stop people creating their own data files.

Also, is there anyway I can provide extra security? For example,
encryption?

Thanks in advance!!

--
JZ

Nov 21 '05 #3
On Wed, 22 Sep 2004 17:22:29 -0500, Jay B. Harlow [MVP - Outlook] wrote:
JZ,
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?

I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...

As Tom suggests you can use a System.Security .Cryptography.C ryptoStream to
encrypt & decrypt the file.

You can chain the streams, so you don't need to use a MemoryStream per se.


Dang it! I knew that was possible, but for some reason the memorystream
thing stuck in my head... Good one Jay.

--
Tom Shelton [MVP]
Nov 21 '05 #4
JZ
Hi,

Thanks thats exactly what I was looking for.

Really quick too.

Cheers
--
JZ
Nov 21 '05 #5
JZ
Hi,

Thanks thats exactly what I was looking for.

Really quick too.

Cheers
--
JZ
Nov 21 '05 #6
JZ
Hi,

Is there any reason why this shouldn't work on Windows 98.

I have the code working fine on XP Pro.
But it has an error on 98 :
serializationex ception 'type is not resolved'

I've tried a rebuild of my data files.

Any suggestions?

--
JZ
Nov 21 '05 #7
JZ
Hi,

Is there any reason why this shouldn't work on Windows 98.

I have the code working fine on XP Pro.
But it has an error on 98 :
serializationex ception 'type is not resolved'

I've tried a rebuild of my data files.

Any suggestions?

--
JZ
Nov 21 '05 #8
JZ
Actually it doesn't work on Windows 2000 either.

--
JZ
Nov 21 '05 #9
JZ
Actually it doesn't work on Windows 2000 either.

--
JZ
Nov 21 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
3811
by: Dominic | last post by:
Hi everybody, In my application, I'm planning to use BinaryFormatter to serialize a potentially huge object to file (and, of course, deserialize back to memory later). My question is if there is any hard limit on the size of this object? Is it only limited by the amount of memory or hard-disk space in the server?
0
1055
by: aladdinm1 | last post by:
Hi All, Reference to the problem I posted with subject "BinaryFormatter.Deserialize fails when used with .net ActiveX". I could successfully solve the problem by creating a class inherited from SerializationBinder and setting the Binder property of the BinaryFormatter to an instance of that class. The code used was just one line to return the type used to serialize data. I got this information by help of the following Url: ...
1
1853
by: 2G | last post by:
Hi, When I serialize a object using the binaryformatter and save it to a file, the file contains some parts of unreadable junk. Should I do some encoding on the bytearray or something before saving it ? All works fine when I use the soapformatter. public byte Serialize(object o, SerializationFormat format) { IFormatter iFor = null;
0
1776
by: Fred Heida | last post by:
Hi Al, i have a funny problem.. i you can call it funny.. what i have is 2 assemblies, the first one does nothing other then Application.Run(new MyForm())
11
3964
by: Igor | last post by:
Hi. While executing BinaryFormatter.Deserialize() I get: System.InvalidCastException: Specified cast is not valid. I implemented ISerializable interface. What may be a problem? Thanks.
19
6256
by: Sharon | last post by:
Hi, When I'm doing BinaryFormatter.Deserialize() over a TCP socket. When I'm closing the TcpListener by invoking the TcpListener.Stop(); I get: System.IO.IOException with message "Unable to read data from the transport connection." that InnerException of type System.Net.Sockets.SocketException saying "An established connection was aborted by the software in your host machine".
2
1362
by: Marcel Balcarek | last post by:
Does anyone have an example of serializing an object to a database table?
17
1879
by: Peter | last post by:
How would would you deserialize this example below? Imports System Imports System.Collections Imports System.IO Imports System.Xml.Serialization Public Class App1 Shared Sub Main()
0
1559
by: =?Utf-8?B?Q2hyaXM=?= | last post by:
Hi, I have a webservice returning a serialized class as
0
9875
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9715
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10945
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
10674
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10317
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9454
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5697
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5886
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
3146
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.