IvanHowarth

asked on

How can I save data that my app uses, to file, in a way that no one can decipher other than my app?

I want to write a quick and simple security app.

The app will contain data (an array) that will need to be saved locally when the app shuts down, but the data is sensitive and commercial. So the saved file must not be able to be accessed or read or deciphered by anyone else other than my application during run time.

Is it possible to store the data in an array then save it to some sort of file as an object? (i.e. not serialized and thus capable of being read in Notepad)

My app will also need to be capable of updating this data file from a source file through design time coding.

Any ideas on best how to meet this requirement?

 
g_johnson

First, I would use encryption, and for that I use RijndaelSimple.

Then, how you store it is up to you. Registry for easy updates, XML file (same thing), text file (tougher to update unless you want to rewrite the file every time).
ASKER CERTIFIED SOLUTION
Jeff Certain
IvanHowarth

ASKER

Chaosian

I have since decided to store the master source data within SQL server within our LAN, updated by my 'Office App'. No problem! But as engineers regularly go mobile with their laptop, they need the 'Mobile App' which is the issue.

As soon as the 'Mobile App' connects to the LAN, it automatically connects to the SQL server and gets a fresh set of data. This is currently loaded in a DataTable and DataView (not an array as originally intended). So forget about how the read-only data is to be used, I just want the contents of the DataTable encrypted and saved to disc (or saved to disc then immediately encrypted). Then when mobile, as soon as it realises that there is no SQL server to connect to, it decrypts the data and loads it back into a DataTable>DataView ready for use.

Do you know, or can you provide any sample code to meet my objective, from a populated DataTable onwards?

This would really help as I am discovering different methods (Rijndael or System.Security namespace etc) but have never seen it done before.

Have you considered storing the data in a local instance of SQL Express on the engineers' laptops rather than as a file?

Not come across SQL Express before - sounds interesting. Is it compatible with databases built using SQL Server 2000? I'll do some further research myself.

SQL Express is the (free) replacement for MSDE. It is a version of SQL 2005. As far as ADO .NET is concerned, it is a SqlClient. Should be straight-forward if you're used to dealing with SQL 2000.

I think this will make things so much easier, but just a quick question - does it have the security to stop anything other than my app accessing it - i.e. another app installed on the laptops, others trying to hack into it etc. Because this is only a copy of the master database, I need it impossible for anything to access it other than the DataAdapter in my App.

Well, you'll need to take the standard steps to protect your database -- encrypted connection string, strong password, user account on SQL with proper permissions, etc.

If you have access to a SQL DBA, they'll be able to help you with all that stuff.

Keep in mind that unless you use Obfuscator or a similar product, your .exe can be decompiled using Roeder's Reflector. So you want to be really careful of where you put your connection string, etc.

By the way... I'd guess that by now you're realizing that tight security is never "quick and simple." :)

lol - thanks. I'll keep you posted :-)

I've downloaded SQL Express - it looks impressive. But without having time to fully play with it, I'm not confident that I could block all the doors to the actual DB on a local machine. I'm only familiar with SQL server 2000 safely residing on a secure LAN.

Microsoft has a sample vb.net encrypting and decrypting app using either Rijndael or TripleDES, but it doesn't work (not if you close the app after encrypting, then open it again to decrypt). Shame, I could apply that coding to mine.

Do you know of any other similar code samples I could follow? Or books, or is SQL Express worth investing time to get familiar with? Whatever, it must be able to work on XP Home (as this is unfortunately installed on the laptops).
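
An added example, not written by any participant in this thread and not Microsoft's sample: the DataTable-to-encrypted-file round trip asked about above, using Windows DPAPI (`ProtectedData`) instead of Rijndael. Windows keeps the key in the user's profile, so nothing secret sits in the decompilable .exe and decryption still works after the app is closed and reopened. The module name, function names, entropy string and cache file name are hypothetical, and it assumes per-Windows-account protection is acceptable: DPAPI does not stop another program running as the same user from calling `Unprotect`.

```vbnet
Imports System.Data
Imports System.IO
Imports System.Security.Cryptography ' ProtectedData: add a reference to System.Security.dll
Imports System.Text

Module OfflineCache
    ' Constructed value: extra entropy mixed into DPAPI. It is not a secret key
    ' (it ships in the .exe); the real key is managed by Windows per user.
    Private ReadOnly Entropy As Byte() = Encoding.UTF8.GetBytes("MobileApp.OfflineCache.v1")

    ' Serialise the table (schema and rows) to XML, encrypt it, write it to disk.
    Public Sub SaveEncrypted(table As DataTable, fileName As String)
        If String.IsNullOrEmpty(table.TableName) Then table.TableName = "Cache" ' WriteXml needs a name
        Using ms As New MemoryStream()
            table.WriteXml(ms, XmlWriteMode.WriteSchema)
            Dim cipher As Byte() = ProtectedData.Protect(ms.ToArray(), Entropy, DataProtectionScope.CurrentUser)
            File.WriteAllBytes(fileName, cipher)
        End Using
    End Sub

    ' Decrypt the file and rebuild the DataTable. Returns Nothing if the file is
    ' missing, was modified, or was protected under another Windows account.
    Public Function LoadEncrypted(fileName As String) As DataTable
        If Not File.Exists(fileName) Then Return Nothing
        Try
            Dim plain As Byte() = ProtectedData.Unprotect(File.ReadAllBytes(fileName), Entropy, DataProtectionScope.CurrentUser)
            Dim table As New DataTable()
            Using ms As New MemoryStream(plain)
                table.ReadXml(ms) ' schema is inline, so columns and types are restored
            End Using
            Return table
        Catch ex As CryptographicException
            Return Nothing
        End Try
    End Function

    Sub Main()
        ' Constructed sample data standing in for the table filled from SQL Server.
        Dim source As New DataTable("Parts")
        source.Columns.Add("PartNo", GetType(String))
        source.Columns.Add("Price", GetType(Decimal))
        source.Rows.Add("AB-100", 12.5D)
        Dim cacheFile As String = Path.Combine(Path.GetTempPath(), "parts.cache")
        SaveEncrypted(source, cacheFile)
        Dim restored As DataTable = LoadEncrypted(cacheFile)
        Console.WriteLine("{0} row(s), first part {1}", restored.Rows.Count, restored.Rows(0)("PartNo"))
    End Sub
End Module
```

When offline, a `Nothing` result from `LoadEncrypted` should be treated as "no usable cache" rather than retried with a different key.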