Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
--
JZ
11  3086 
On Wed, 22 Sep 2004 21:18:32 +0100, JZ wrote: Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
Sure, you can serialize to a MemoryStream, and then use one of the various
encryption classes in System.Security.Cryptography to encrypt the byte
array before writting it to the file... Obviously, the process would be
thre reverse to recover the data :)
--
Tom Shelton [MVP]
JZ, How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
encrypt & decrypt the file.
You can chain the streams, so you don't need to use a MemoryStream per se.
Try something like:
Public Shared Sub Main()
Dim rijndael As New RijndaelManaged
rijndael.GenerateKey() ' create random key
rijndael.GenerateIV() ' create random initialization vector
Dim encryptor As ICryptoTransform =
rijndael.CreateEncryptor(rijndael.Key, rijndael.IV)
Dim decryptor As ICryptoTransform =
rijndael.CreateDecryptor(rijndael.Key, rijndael.IV)
Dim FPs As New StuctureDataFile
Encrypt("StuctureDataFile.bin", FPs, encryptor)
FPs = Decrypt("StuctureDataFile.bin", decryptor)
End Sub
Private Shared Sub Encrypt(ByVal path As String, ByVal fps As
StuctureDataFile, ByVal transform As ICryptoTransform)
Dim formatter As New BinaryFormatter
Dim output As Stream = File.Open(path, FileMode.Create)
Dim cryptoOutput As New CryptoStream(output, transform,
CryptoStreamMode.Write)
formatter.Serialize(cryptoOutput, fps)
cryptoOutput.FlushFinalBlock()
cryptoOutput.Close()
output.Close()
End Sub
Private Shared Function Decrypt(ByVal path As String, ByVal transform As
ICryptoTransform) As StuctureDataFile
Dim formatter As New BinaryFormatter
Dim input As Stream = File.Open(path, FileMode.Open)
Dim cryptoInput As New CryptoStream(input, transform,
CryptoStreamMode.Read)
Dim fps As StuctureDataFile =
DirectCast(formatter.Deserialize(cryptoInput), StuctureDataFile)
cryptoInput.Close()
input.Close()
Return fps
End Function
Note in the above I am using the Rijndael algorithm to encrypt & decrypt the
file. You can use other algorithms if you so choose, just remember to use
the exact same key & iv for decryption that you use for encryption! The
RijndaelManaged.GenerateKey & GenerateIV creates a random key &
initialization vector, good for testing, not good for production...
Hope this helps
Jay
"JZ" <jj@anon.anon.com> wrote in message
news:41***********************@news-text.dial.pipex.com... Hi,
I'm using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example,
encryption?
Thanks in advance!!
--
JZ
On Wed, 22 Sep 2004 17:22:29 -0500, Jay B. Harlow [MVP - Outlook] wrote: JZ, How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
encrypt & decrypt the file.
You can chain the streams, so you don't need to use a MemoryStream per se.
Dang it! I knew that was possible, but for some reason the memorystream
thing stuck in my head... Good one Jay.
--
Tom Shelton [MVP]
Hi,
Thanks thats exactly what I was looking for.
Really quick too.
Cheers
--
JZ
Hi,
Thanks thats exactly what I was looking for.
Really quick too.
Cheers
--
JZ
Hi,
Is there any reason why this shouldn't work on Windows 98.
I have the code working fine on XP Pro.
But it has an error on 98 :
serializationexception 'type is not resolved'
I've tried a rebuild of my data files.
Any suggestions?
--
JZ
Hi,
Is there any reason why this shouldn't work on Windows 98.
I have the code working fine on XP Pro.
But it has an error on 98 :
serializationexception 'type is not resolved'
I've tried a rebuild of my data files.
Any suggestions?
--
JZ
Actually it doesn't work on Windows 2000 either.
--
JZ
Actually it doesn't work on Windows 2000 either.
--
JZ
Hi,
Don't worry.
I fixed it, I'd chnaged my data strucure and hadn't realised.
Thanks
--
JZ
JZ,
Glad you got it to work!
Thanks for the follow up.
Jay
"JZ" <jj@anon.anon.com> wrote in message
news:41***********************@news-text.dial.pipex.com... Hi,
Don't worry.
I fixed it, I'd chnaged my data strucure and hadn't realised.
Thanks
--
JZ
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Dominic |
last post by:
Hi everybody,
In my application, I'm planning to use BinaryFormatter to serialize a
potentially huge object to file (and, of course, deserialize back to
memory later). My question is if there is...
|
by: aladdinm1 |
last post by:
Hi All,
Reference to the problem I posted with subject
"BinaryFormatter.Deserialize fails when used with .net ActiveX". I could
successfully solve the problem by creating a class inherited from...
|
by: 2G |
last post by:
Hi,
When I serialize a object using the binaryformatter and save it to a file,
the file contains some parts of unreadable junk.
Should I do some encoding on the bytearray or something before...
|
by: Fred Heida |
last post by:
Hi Al, i have a funny problem.. i you can call it funny..
what i have is 2 assemblies, the first one does nothing other then
Application.Run(new MyForm())
|
by: Igor |
last post by:
Hi.
While executing BinaryFormatter.Deserialize() I get:
System.InvalidCastException: Specified cast is not valid.
I implemented ISerializable interface. What may be a problem?
Thanks.
|
by: Sharon |
last post by:
Hi,
When I'm doing BinaryFormatter.Deserialize() over a TCP socket. When I'm
closing the TcpListener by invoking the TcpListener.Stop(); I get:
System.IO.IOException with message "Unable to...
|
by: Marcel Balcarek |
last post by:
Does anyone have an example of serializing an object to a database table?
|
by: Peter |
last post by:
How would would you deserialize this example below?
Imports System
Imports System.Collections
Imports System.IO
Imports System.Xml.Serialization
Public Class App1
Shared Sub Main()
|
by: =?Utf-8?B?Q2hyaXM=?= |
last post by:
Hi,
I have a webservice returning a serialized class
as
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
