Solved

XML Security

Posted on 2004-09-20
2
201 Views
Last Modified: 2010-05-18
I am storing some configuration information in an xml file. Is there any provision to protect it .
0
Comment
Question by:GKY
2 Comments
 
LVL 5

Expert Comment

by:tzxie2000
ID: 12102665
If some data are important it is surely that you should encode the data

which languange do you used then
0
 
LVL 21

Accepted Solution

by:
MogalManic earned 125 total points
ID: 12114524
XML by definition is text so in its native form it cannot be protected from someone loading it into NotePad and changing the values.  Here are your options:

  1) Protect the file using the OS
        a) For Unix/Linix set the Owner for full control, and the Group and World to ReadOnly.  The process that modifies the file is the owner and all other processes are in the same group.
        b) For Windows, Set the file as accessable to only certain people and/or groups...
   2) Encrypt and/or Zip the file with password and decrypt it in the application before parsing the XML
   3) Add a checksum attribute to the root node of the XML file.  The checksum is a hash of the XML file contents as string.  For example
        <configData xsum="1FA3B700324343523FACDBA">
         </configData>
       When the XML is loaded, recompute the checksum and throw error and abort.

The last solution is the simplest, even though it does not stop a person from editing the file, it will allow you to know if someone has changed the file.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

RIA (Rich Internet Application) tools are interactive internet applications which have many of the characteristics of desktop applications. The RIA tools typically deliver output either by the way of a site-specific browser or via browser plug-in. T…
Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now