Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFil e()
Dim FileStream As Stream = File.Open(pfile , FileMode.Open)
Dim FileFormatter As New BinaryFormatter ()
FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e)
FileStream.Clos e()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
--
JZ 11 3123
On Wed, 22 Sep 2004 21:18:32 +0100, JZ wrote: Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFil e() Dim FileStream As Stream = File.Open(pfile , FileMode.Open) Dim FileFormatter As New BinaryFormatter () FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e) FileStream.Clos e()
How secure is the the data file, is it easy for someone to re-create my class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
Sure, you can serialize to a MemoryStream, and then use one of the various
encryption classes in System.Security .Cryptography to encrypt the byte
array before writting it to the file... Obviously, the process would be
thre reverse to recover the data :)
--
Tom Shelton [MVP]
JZ, How secure is the the data file, is it easy for someone to re-create my class by analysis the datafile?
I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security .Cryptography.C ryptoStream to
encrypt & decrypt the file.
You can chain the streams, so you don't need to use a MemoryStream per se.
Try something like:
Public Shared Sub Main()
Dim rijndael As New RijndaelManaged
rijndael.Genera teKey() ' create random key
rijndael.Genera teIV() ' create random initialization vector
Dim encryptor As ICryptoTransfor m =
rijndael.Create Encryptor(rijnd ael.Key, rijndael.IV)
Dim decryptor As ICryptoTransfor m =
rijndael.Create Decryptor(rijnd ael.Key, rijndael.IV)
Dim FPs As New StuctureDataFil e
Encrypt("Stuctu reDataFile.bin" , FPs, encryptor)
FPs = Decrypt("Stuctu reDataFile.bin" , decryptor)
End Sub
Private Shared Sub Encrypt(ByVal path As String, ByVal fps As
StuctureDataFil e, ByVal transform As ICryptoTransfor m)
Dim formatter As New BinaryFormatter
Dim output As Stream = File.Open(path, FileMode.Create )
Dim cryptoOutput As New CryptoStream(ou tput, transform,
CryptoStreamMod e.Write)
formatter.Seria lize(cryptoOutp ut, fps)
cryptoOutput.Fl ushFinalBlock()
cryptoOutput.Cl ose()
output.Close()
End Sub
Private Shared Function Decrypt(ByVal path As String, ByVal transform As
ICryptoTransfor m) As StuctureDataFil e
Dim formatter As New BinaryFormatter
Dim input As Stream = File.Open(path, FileMode.Open)
Dim cryptoInput As New CryptoStream(in put, transform,
CryptoStreamMod e.Read)
Dim fps As StuctureDataFil e =
DirectCast(form atter.Deseriali ze(cryptoInput) , StuctureDataFil e)
cryptoInput.Clo se()
input.Close()
Return fps
End Function
Note in the above I am using the Rijndael algorithm to encrypt & decrypt the
file. You can use other algorithms if you so choose, just remember to use
the exact same key & iv for decryption that you use for encryption! The
RijndaelManaged .GenerateKey & GenerateIV creates a random key &
initialization vector, good for testing, not good for production...
Hope this helps
Jay
"JZ" <jj@anon.anon.c om> wrote in message
news:41******** *************** @news-text.dial.pipex .com... Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFil e() Dim FileStream As Stream = File.Open(pfile , FileMode.Open) Dim FileFormatter As New BinaryFormatter () FPs = DirectCast(File Formatter.Deser ialize(FileStre am), StuctureDataFil e) FileStream.Clos e()
How secure is the the data file, is it easy for someone to re-create my class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
-- JZ
On Wed, 22 Sep 2004 17:22:29 -0500, Jay B. Harlow [MVP - Outlook] wrote: JZ, How secure is the the data file, is it easy for someone to re-create my class by analysis the datafile? I'm not sure how easy it would be but you could open the file in VS.NET to see how readable it is. You will notice that strings are immediately readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security .Cryptography.C ryptoStream to encrypt & decrypt the file.
You can chain the streams, so you don't need to use a MemoryStream per se.
Dang it! I knew that was possible, but for some reason the memorystream
thing stuck in my head... Good one Jay.
--
Tom Shelton [MVP]
Hi,
Thanks thats exactly what I was looking for.
Really quick too.
Cheers
--
JZ
Hi,
Thanks thats exactly what I was looking for.
Really quick too.
Cheers
--
JZ
Hi,
Is there any reason why this shouldn't work on Windows 98.
I have the code working fine on XP Pro.
But it has an error on 98 :
serializationex ception 'type is not resolved'
I've tried a rebuild of my data files.
Any suggestions?
--
JZ
Hi,
Is there any reason why this shouldn't work on Windows 98.
I have the code working fine on XP Pro.
But it has an error on 98 :
serializationex ception 'type is not resolved'
I've tried a rebuild of my data files.
Any suggestions?
--
JZ
Actually it doesn't work on Windows 2000 either.
--
JZ
Actually it doesn't work on Windows 2000 either.
--
JZ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Dominic |
last post by:
Hi everybody,
In my application, I'm planning to use BinaryFormatter to serialize a
potentially huge object to file (and, of course, deserialize back to
memory later). My question is if there is any hard limit on the size
of this object?
Is it only limited by the amount of memory or hard-disk space in the
server?
|
by: aladdinm1 |
last post by:
Hi All,
Reference to the problem I posted with subject
"BinaryFormatter.Deserialize fails when used with .net ActiveX". I could
successfully solve the problem by creating a class inherited from
SerializationBinder and setting the Binder property of the BinaryFormatter to
an instance of that class. The code used was just one line to return the type
used to serialize data. I got this information by help of the following Url:
...
|
by: 2G |
last post by:
Hi,
When I serialize a object using the binaryformatter and save it to a file,
the file contains some parts of unreadable junk.
Should I do some encoding on the bytearray or something before saving it ?
All works fine when I use the soapformatter.
public byte Serialize(object o, SerializationFormat format) {
IFormatter iFor = null;
|
by: Fred Heida |
last post by:
Hi Al, i have a funny problem.. i you can call it funny..
what i have is 2 assemblies, the first one does nothing other then
Application.Run(new MyForm())
|
by: Igor |
last post by:
Hi.
While executing BinaryFormatter.Deserialize() I get:
System.InvalidCastException: Specified cast is not valid.
I implemented ISerializable interface. What may be a problem?
Thanks.
| |
by: Sharon |
last post by:
Hi,
When I'm doing BinaryFormatter.Deserialize() over a TCP socket. When I'm
closing the TcpListener by invoking the TcpListener.Stop(); I get:
System.IO.IOException with message "Unable to read data from the transport
connection." that InnerException of type System.Net.Sockets.SocketException
saying "An established connection was aborted by the software in your host
machine".
|
by: Marcel Balcarek |
last post by:
Does anyone have an example of serializing an object to a database table?
|
by: Peter |
last post by:
How would would you deserialize this example below?
Imports System
Imports System.Collections
Imports System.IO
Imports System.Xml.Serialization
Public Class App1
Shared Sub Main()
|
by: =?Utf-8?B?Q2hyaXM=?= |
last post by:
Hi,
I have a webservice returning a serialized class
as
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |