Solved

XML Security

Posted on 2004-09-20
2
203 Views
Last Modified: 2010-05-18
I am storing some configuration information in an xml file. Is there any provision to protect it .
0
Comment
Question by:GKY
2 Comments
 
LVL 5

Expert Comment

by:tzxie2000
ID: 12102665
If some data are important it is surely that you should encode the data

which languange do you used then
0
 
LVL 21

Accepted Solution

by:
MogalManic earned 125 total points
ID: 12114524
XML by definition is text so in its native form it cannot be protected from someone loading it into NotePad and changing the values.  Here are your options:

  1) Protect the file using the OS
        a) For Unix/Linix set the Owner for full control, and the Group and World to ReadOnly.  The process that modifies the file is the owner and all other processes are in the same group.
        b) For Windows, Set the file as accessable to only certain people and/or groups...
   2) Encrypt and/or Zip the file with password and decrypt it in the application before parsing the XML
   3) Add a checksum attribute to the root node of the XML file.  The checksum is a hash of the XML file contents as string.  For example
        <configData xsum="1FA3B700324343523FACDBA">
         </configData>
       When the XML is loaded, recompute the checksum and throw error and abort.

The last solution is the simplest, even though it does not stop a person from editing the file, it will allow you to know if someone has changed the file.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
groupSumClump challenge 9 115
Microsoft C++ code failing in executable that worked 9 100
Plain Text Editor for iPad 6 77
sp_configure 'external scripts enabled', 1; 7 52
A short article about problems I had with the new location API and permissions in Marshmallow
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question