Solved

XML Security

Posted on 2004-09-20
2
202 Views
Last Modified: 2010-05-18
I am storing some configuration information in an xml file. Is there any provision to protect it .
0
Comment
Question by:GKY
2 Comments
 
LVL 5

Expert Comment

by:tzxie2000
ID: 12102665
If some data are important it is surely that you should encode the data

which languange do you used then
0
 
LVL 21

Accepted Solution

by:
MogalManic earned 125 total points
ID: 12114524
XML by definition is text so in its native form it cannot be protected from someone loading it into NotePad and changing the values.  Here are your options:

  1) Protect the file using the OS
        a) For Unix/Linix set the Owner for full control, and the Group and World to ReadOnly.  The process that modifies the file is the owner and all other processes are in the same group.
        b) For Windows, Set the file as accessable to only certain people and/or groups...
   2) Encrypt and/or Zip the file with password and decrypt it in the application before parsing the XML
   3) Add a checksum attribute to the root node of the XML file.  The checksum is a hash of the XML file contents as string.  For example
        <configData xsum="1FA3B700324343523FACDBA">
         </configData>
       When the XML is loaded, recompute the checksum and throw error and abort.

The last solution is the simplest, even though it does not stop a person from editing the file, it will allow you to know if someone has changed the file.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

RIA (Rich Internet Application) tools are interactive internet applications which have many of the characteristics of desktop applications. The RIA tools typically deliver output either by the way of a site-specific browser or via browser plug-in. T…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now