Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

XML Security

Posted on 2004-09-20
2
Medium Priority
?
210 Views
Last Modified: 2010-05-18
I am storing some configuration information in an xml file. Is there any provision to protect it .
0
Comment
Question by:GKY
2 Comments
 
LVL 5

Expert Comment

by:tzxie2000
ID: 12102665
If some data are important it is surely that you should encode the data

which languange do you used then
0
 
LVL 21

Accepted Solution

by:
MogalManic earned 375 total points
ID: 12114524
XML by definition is text so in its native form it cannot be protected from someone loading it into NotePad and changing the values.  Here are your options:

  1) Protect the file using the OS
        a) For Unix/Linix set the Owner for full control, and the Group and World to ReadOnly.  The process that modifies the file is the owner and all other processes are in the same group.
        b) For Windows, Set the file as accessable to only certain people and/or groups...
   2) Encrypt and/or Zip the file with password and decrypt it in the application before parsing the XML
   3) Add a checksum attribute to the root node of the XML file.  The checksum is a hash of the XML file contents as string.  For example
        <configData xsum="1FA3B700324343523FACDBA">
         </configData>
       When the XML is loaded, recompute the checksum and throw error and abort.

The last solution is the simplest, even though it does not stop a person from editing the file, it will allow you to know if someone has changed the file.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Introduction to Processes

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question